Identify traffic flowing through the IPSec Tunnel

techjoe.2 · ‎08-07-2020

Hi Everyone,

I have 2 queries

1. After we configure the IPSec VPN in a Cisco Router, how do we identify and check that the traffic is flowing through the tunnel? Are there any commands and ways to find it out?

2. What are some of the troubleshooting commands for IP Sec VPN in case the connectivity is down for some

reason?

mcunetworking · ‎09-21-2021

Here is a template I use for a packet capture on my 2901:

Set it up:

monitor capture buffer BUF size 2048 max-size 1518 linear
conf t
no ip access-list extended BUF-FILTER
ip access-list extended BUF-FILTER
permit ip xxx.xxx.xxx.xxx 0.0.0.255 host xxx.xxx.xxx
permit ip host xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 0.0.0.255
exit
exit

monitor capture buffer BUF
monitor capture buffer BUF filter access-list BUF-FILTER
monitor capture point ip process-switched POINT both
monitor capture point associate POINT BUF
monitor capture point start POINT
show monitor capture buffer all parameters

Stop it:

monitor capture point stop POINT

Get the pcap:

monitor capture buffer BUF export tftp://xxx.xxx.xxx.xxx/BUF.pcap

Clear the settings and setup up:
no monitor capture point ip process-switched POINT
no monitor capture buffer BUF

conf t

no ip access-list extended BUF-FILTER

exit

For looking at issues, at the enable prompt, use debug crypto isakmp & debug crypto ipsec once you have used terminal monitor. Use undebug all to turn it all off and then say terminal no monitor. They are detailed and if you have a lot of VPNs you will see a lot, but here is where you can tell when during the stages it is failing, such as at Phase 1 because one side only offers Group 14 but the other side is asking for Group 18,20,24. Or one side wants to hash with MD5 and the other SHA256.

Identify traffic flowing through the IPSec Tunnel

Loading an IOS on a switch via Xmodem

Glimpse of "EIGRP name mode configuration"

Understanding Wireless Client Authentication