10-21-2011 08:14 AM
I would like to capture packets which are going through an IPSEC tunnel. The packets originate in the appliance (syslog) and are sent to the remote via a VPN. I can see the encapsulated packets going out to the peer and I can see the ISAKMP packets to and from the peer. Because the packets originate within the appliance, they do not appear on any interface to be captured.
Is there some way to capture these packets before they are encapsulated?
I attempted to capture packets on the asa-dataplane, but they are in a format that I cannot decode, and I cannot put a filter on the capture.
Hardware is ASA-5520
Software is version 8.3(2)
10-24-2011 03:44 PM
If i have understood this correctly, you would like to see the content of encapsulated packets on outside interface
This is not possible.
Regards
Rahul
10-26-2011 07:55 AM
Thanks for the reply.
While the encapsulated packet is going out the outside interface, I want to see the contents of the packet before it is encapsulated.
It may be that the answer is the same. I can see the encapsulated packet on the outside interface, but of course I cannot decode the payload.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide