cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
842
Views
0
Helpful
1
Replies
ahmad82pkn
Beginner

debugging on Router for specific port

Hi, i have Site to Site IPSEC VPN established with client on Cisco Router.

Client is unable to telnet on port 80 on my webserver behind the router across VPN tunnel.

Client claims traffic is leaving his network but blocked on my side.

What sort of debug i can do , to confirm if traffic for port 80 is even reaching my router?

VPN is very simple , just to hosts allowed to communicate with each other, and no port blocking on my side.

1 REPLY 1
david.tran
Enthusiast

You can not debug the traffics before the decryption on your side because that traffics are encrypted.

I am assuming the followings:

-  no ACL blocking on your VPN router,

-  your router is running code 12.4(20) or higher,

you can then enable the Embedded Packet Capture (ECP) on cisco router on the LAN side of the VPN router facing your webserver.  Now if you see traffics for port 80 from the other side trying to hit your web server, than you know that the traffics for port 80 from the customer is making over the VPN.  Next thing is to find out if you see return traffics for port 80 hitting the LAN side of the VPN router.  If you do not see reply for port 80 traffics, the issue is on your end prior to hitting the VPN router

http://yurisk.info/2010/02/01/capture-packets-at-ios-cisco-router-or-finally-we-have-a-sniffer/

Content for Community-Ad
This widget could not be displayed.