Re: ASA S2S VPN Troubleshooting Query

georgehewittuk1 · ‎07-19-2021

Hi Guys,

Is there a command/debug/capture for the ASA whereby I can see the decapsulated packets from a site to site VPN. Usually I just capture on the interface it egresses but not getting any hits like it should.

Would be good to see what is sent as trying to prove what is being sent from a remote party.

Thanks

George

balaji.bandi · ‎07-19-2021

use the below troubleshoot guide :

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/81824-common-ipsec-trouble.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Pawan Raut · ‎07-21-2021

use the command "show crypto ipsec sa <PeerIP>" to confirm if you are receiving the decap packets in VPN tunnel

then apply the packet capture on the inside interface of Cisco VPN ASA from which the packet will leave for a destination

Please rate for useful post

ASA S2S VPN Troubleshooting Query

Consulta vpn S2S ASA

ASA/FTD: VPN Load Balancing の設定と確認例

SNMP Configuration, Verification and Troubleshooting on ASA

FMC Site-to-Site VPN Troubleshooting

ASA S2S VPN - Specific Port Tunneling