debugging on Router for specific port

ahmad82pkn
Level 3

Hi, I have a site-to-site IPsec VPN established with a client on a Cisco router.

Client is unable to telnet on port 80 on my webserver behind the router across VPN tunnel.

Client claims traffic is leaving his network but blocked on my side.

What sort of debug can I do to confirm if traffic for port 80 is even reaching my router?

The VPN is very simple, just two hosts allowed to communicate with each other, and no port blocking on my side.

1 Reply

david.tran
Level 4

You cannot debug the traffic before decryption on your side because that traffic is encrypted.

I am assuming the following:

- no ACL blocking on your VPN router,

- your router is running code 12.4(20) or higher,

You can then enable the Embedded Packet Capture (EPC) on the Cisco router on the LAN side of the VPN router facing your webserver. Now if you see traffic for port 80 from the other side trying to hit your web server, then you know that the traffic for port 80 from the customer is making it over the VPN. The next thing is to find out if you see return traffic for port 80 hitting the LAN side of the VPN router. If you do not see replies for port 80 traffic, the issue is on your end prior to hitting the VPN router.

http://yurisk.info/2010/02/01/capture-packets-at-ios-cisco-router-or-finally-we-have-a-sniffer/
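The capture described in the answer above, written out as IOS commands. This is an added example and not part of the original thread. The addresses (192.0.2.10 for the client host, 198.51.100.20 for the web server), the interface GigabitEthernet0/1 and the names WEB80, WEBBUF and WEBPOINT are constructed placeholders to replace with your own.

```cisco
! --- Configuration mode: match only the port 80 conversation, both directions.
! --- 192.0.2.10 = remote client host, 198.51.100.20 = local web server (placeholders).
configure terminal
 ip access-list extended WEB80
  permit tcp host 192.0.2.10 host 198.51.100.20 eq 80
  permit tcp host 198.51.100.20 eq 80 host 192.0.2.10
 end

! --- Exec mode: small circular buffer, filtered by the ACL above.
monitor capture buffer WEBBUF size 512 max-size 128 circular
monitor capture buffer WEBBUF filter access-list WEB80

! --- Capture point on the LAN interface facing the web server, both directions.
! --- Traffic seen here has already been decrypted by the router.
monitor capture point ip cef WEBPOINT GigabitEthernet0/1 both
monitor capture point associate WEBPOINT WEBBUF
monitor capture point start WEBPOINT

! --- Have the client retry "telnet 198.51.100.20 80", then stop and inspect.
monitor capture point stop WEBPOINT
show monitor capture buffer WEBBUF parameters
show monitor capture buffer WEBBUF dump

! --- Reading the result:
! ---   no packets at all            -> port 80 traffic is not arriving over the tunnel
! ---   client -> server only        -> server, host firewall or return route on the LAN
! ---   both directions present      -> replies reach the router; check the return path into the tunnel

! --- Clean up so the capture does not keep consuming memory.
no monitor capture point ip cef WEBPOINT GigabitEthernet0/1 both
no monitor capture buffer WEBBUF
```

A `cef` capture point only sees CEF-switched packets; if the buffer stays empty while other evidence shows traffic arriving, check whether the flow is being process-switched.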
