Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2367
Views
0
Helpful
18
Replies

Hi Experts,

Go to solution
meet_mkhan
Level 1
Level 1

‎12-18-2010 05:09 AM

Can any one help me in finding a network monitoring tool through which i

can check the source and destination ports(tcp or udp),ip address,packets

permited and denyed from asa5510 or any firewall.specially i want to monitor

packets routing which are deny and which are permited from firewall.

any help would be appreciated.

Thankx alot in advance.

Labels:
0 Helpful
18 Replies 18

Go to solution
Jitendriya Athavale
Cisco Employee
Cisco Employee
In response to meet_mkhan

‎12-22-2010 07:21 AM

i saw the captures as y ucan see the the firewall is forwarding all ip proto 50 packets for this vpn outside

i would suggest when this stops working you collect the captures again and verify on firewall if you see ip proto 50 packets betwen the vpn peers

the traffic is just some esp packets for this asa src and dst of actual packets do not matter, so when the issue happens see if you can ping the other end vpn gateway, if you are able to do that then there is no prob with asa you will probably have to conatct the sonicwall or checkpoint support

0 Helpful

Go to solution
itsecurity mk
Level 1
Level 1
In response to Jitendriya Athavale

‎12-22-2010 01:25 PM

when sms stops can u post the traces of asa we can easily find out the problem from this?

0 Helpful

Go to solution
meet_mkhan
Level 1
Level 1
In response to Jitendriya Athavale

‎12-23-2010 01:32 PM

Sorry for the delay

                          At remote side icmp is disable on checkpoint so we cant ping and i collected the

            traces when  working stops.pls find attached file .

           inside the network their is no  vpn traffic but outside their is traffic.

          I think the ASA is blocking the protocol 50 thats why vpn traffic not coming

            inside the network.

  Kindly check and reply .

77590-wc outsidedup.txt.zip
0 Helpful

Go to solution
itsecurity mk
Level 1
Level 1
In response to meet_mkhan

‎12-22-2010 01:26 PM

when sms stops can u post the traces of asa we can easily find out the problem from this?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents