capture voice traffic via VPN tunnel

mohamed.fawzy2012 · ‎11-06-2017

i have site-to-site vpn working well and voice team installed sip trunk between two sites and we are receiving calls from other site via vpn tunnel , now we facing issue with the call as one call consume 1 Mega internet bandwidth and after troubleshooting with cisco TAC , they want to capture voice traffic that coming in the tunnel and supposed this traffic is encapsulated , how can i capture these traffic

ASA 5512-x

version 9.4

Flavio Miranda · ‎11-06-2017

Hi @mohamed.fawzy2012

theoretically you can´t capture specific protocol inside the VPN tunnel as it is encapsulated. You can try this on the ASA by using a ACL marking the source and destination IP address and then use the command 'capture' with required parameters. You can also use port span.

However, why the consume of 1 Mbps internet is reason for a TAC ? Depends on the codec you are using, one call can consume almost 100 Kbps. If you have 10 simultaneously calls, you already have 1 Mbps.

-If I helped you somehow, please, rate it as useful.-

Mohammed al Baqari · ‎11-06-2017

You need to capture on the inside interface of either side of the vpn. If
you capture on vpn interface (which is the exit interface) you will get
encrypted traffic only

mohamed.fawzy2012 · ‎11-07-2017

i tried to capture using ACL Marking the source and destination ip of traffic inside tunnel but didn't work

also i was thinking maybe use specific debug command , is it possible ?

or we can install vpn tunnel without encapsulation , is it possible also ?

Flavio Miranda · ‎11-07-2017

Not possible capture on tunnel and not possible does not encapsulate.

You need to perform capture after traffic is decapsulated.

-If I helped you somehow, please, rate it as useful.-