06-25-2010 03:58 AM
I have a site-2-site IPSec vpn between an 1801 ISR and an ASA 5510. Monitoring the vpn on the ASA, I see there is constant traffic on it, when I would have expected only intermittent traffic. How can I trace what is actually causing traffic to cross the vpn? I suspect something at the ISR end is sending packets to the ASA network, but how can I find out what?
Cheers
Solved! Go to Solution.
06-25-2010 07:47 AM
06-25-2010 06:05 AM
Hi Alan,
I dont know if you have a netflow box but if you do have a look at this.
06-25-2010 06:20 AM
Hi,
I don't have a Netflow box, and it looks very complicated!!
What I really need is a simple metod of tracing the source IP of traffic going through the VPN.
06-25-2010 07:42 AM
Found the answer: Packet capture wizard in the ASA can track all packets between any interface or IP address/range. By capturing from the source subnet, then sending the output to Wireshark, the culprit is revealed.
06-25-2010 07:47 AM
Cool
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide