cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
181
Views
0
Helpful
3
Replies
Highlighted
Beginner

View AnyConnect traffic on ASA

All,

 

I can not seem to capture packets on my AnyConnnect users.  How would I do this?  Packets are not making it through the VPN.

 

Thanks,

Everyone's tags (4)
3 REPLIES 3
Highlighted
VIP Advisor

Re: View AnyConnect traffic on ASA

Hi,

If you are not seeing traffic in your packet capture, remember the source interface the AnyConnect traffic orginates from is the "outside" interface.

 

Example:- "capture capin interface outside match ip host 1.1.1.1 host 2.2.2.2"

 

Refer to this guide for more information and how to run packet captures on the ASA.

 

You could also run packet-tracer, which would provide more information, such as whether you are hitting an incorrect nat rule. Upload the output for review.

 

HTH

 

 

 

Highlighted
Collaborator

Re: View AnyConnect traffic on ASA

Hi,

 

   Can you, better of, specify what the exact problem is? Why do you need to perform a packet capture? As for packet capture for VPN traffic, you need to make use of the public IP's when you define your capture, not the private ones.

 

Regards,

Cristian Matei.

Highlighted
Beginner

Re: View AnyConnect traffic on ASA

I have a home office where a user on IP adders 10.4.4.0/24 has no Issue going through a site to site VPN accessing Site 2.s IPs like 172.21.0.0/23 and XXX.XXX.80.0/24 and all other IPs located at Site 2

 

now for the issue:

 

A user at home connected to the home office Via AnyConnect on an IP address of 10.4.4.0/24 can not access some Site 2 IPs lP 172.21.0.0/23 but can access all IPs that are not NATted.

 

The home office VPN is on the ASA and Site 2's VPN endpoint is on an IOS device. I tried to use packet capture on the ASA but nothing shows up on the exit interface, I do see why it would not show up because it tunneled. How can monitor traffic going through the VPN? I put an ACL on two different interfaces; one interface is the one that has the crypto map on it the other interface leads to the core device. I do not see any packets with a source or destination IP that I am trying to reach. What is happening?

 

 

Please be detailed so I can learn from this.

 

Thanks for helping.