Troubleshoot VPN traffic to a particular IP and port

KnightChunkman
Level 1

I'm having issues where VPN users are trying to hit a particular server on a particular port. When connected to the LAN they can connect with no problems, but not via VPN. However, via the VPN they can ping the device and RDP to it. I've checked the ACL on the ASA 5510 and it appears that the ports are open. Any ideas how I can capture or trace what's blocking them from hitting this IP and port?


For argument's sake, let's say 10.1.1.1 is the IP of the device and the port is 211.

When connected via VPN they get a 172.16.x.x address.


Any help will be greatly appreciated.


7 Replies

Lovleen Arora
Level 1

It should work as long as it is allowed in the split tunnel ACL. Have you checked that yet?

I haven't got a split tunnel ACL in place. I'm just wondering how I can log/capture/analyze what's occurring when the user tries to hit the server on that port.

For that, you may apply a packet capture for the firewall's VPN terminating IP on its outside interface, and it will tell you what ports are being hit etc.,

and also an in/out capture on the firewall's inside interface filtering on the server's IP address.

ASA has a packet-capture command which allows you to capture packets using ACLs for filtering traffic.
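The two captures described in that reply, written out as ASA CLI. This is an added example for this page, not configuration from the thread or from Cisco's documentation. It assumes interface names `inside` and `outside`, the server 10.1.1.1 on TCP/211 and the 172.16.0.0/16 VPN pool from the question, and invents the ASA's outside (VPN-terminating) address 203.0.113.10, a TFTP host 192.0.2.50 and the capture and ACL names; substitute your own values.

```text
! --- Constructed example (values assumed, see lead-in) ---

! 1. ACL describing the client <-> server flow in BOTH directions.
!    A capture ACL matches packets as they enter and leave the interface,
!    so the return traffic from the server needs its own line.
access-list CAP_SRV_ACL extended permit tcp 172.16.0.0 255.255.0.0 host 10.1.1.1 eq 211
access-list CAP_SRV_ACL extended permit tcp host 10.1.1.1 eq 211 172.16.0.0 255.255.0.0

! 2. Capture on the inside interface, filtered by that ACL.
!    buffer is in bytes; raise it if the flow is chatty.
capture CAP_INSIDE interface inside access-list CAP_SRV_ACL buffer 1000000

! 3. Capture on the outside interface for the VPN-terminating address.
!    This shows the encrypted tunnel traffic (ESP, or UDP/4500 with NAT-T),
!    i.e. whether the client is actually sending anything to the ASA.
capture CAP_OUTSIDE interface outside match ip any host 203.0.113.10 buffer 1000000

! 4. Reproduce the failure from a VPN client, then read the captures.
show capture CAP_INSIDE
show capture CAP_INSIDE detail
show capture CAP_OUTSIDE

! 5. Simulate the decrypted client packet through ACL/NAT/route lookup.
!    (invented client address 172.16.1.10 and source port 40000)
packet-tracer input outside tcp 172.16.1.10 40000 10.1.1.1 211

! 6. Counters of packets the ASA itself discarded, with the reason.
clear asp drop
show asp drop

! 7. Export for Wireshark and clean up.
copy /pcap capture:CAP_INSIDE tftp://192.0.2.50/cap_inside.pcap
no capture CAP_INSIDE
no capture CAP_OUTSIDE
```

How to read the result: if the inside capture shows the SYN leaving towards 10.1.1.1 and a RST coming back from 10.1.1.1, the ASA forwarded the packet and the server (its host firewall, or nothing listening on TCP/211) is the one refusing it. If the SYN never appears on the inside capture, the ASA dropped it, and `show asp drop` together with `packet-tracer` will name the ACL, NAT or routing step responsible.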

That sounds like what I'm after. Is there any documentation on setting this up?


http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110117-asa-capture-asdm-config.html

This link has both ASDM and CLI guides

HTH. Please rate the answer if it fixes your problem. Thanks.

Cheers for your help.

I have done the packet capture. It's showing a connection reset. How can I dig further to allow this traffic?
