Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1552
Views
0
Helpful
2
Replies

Packet capture at VPN entry (and exit)

abbeypressiss
Level 1
Level 1

‎10-21-2011 08:14 AM

I would like to capture packets which are going through an IPSEC tunnel. The packets originate in the appliance (syslog) and are sent to the remote via a VPN. I can see the encapsulated packets going out to the peer and I can see the ISAKMP packets to and from the peer. Because the packets originate within the appliance, they do not appear on any interface to be captured.

Is there some way to capture these packets before they are encapsulated?

I attempted to capture packets on the asa-dataplane, but they are in a format that I cannot decode, and I cannot put a filter on the capture.

Hardware is ASA-5520

Software is version 8.3(2)

Labels:
0 Helpful
2 Replies 2

ilwadhi.r
Level 1
Level 1

‎10-24-2011 03:44 PM

If i have understood this correctly, you would like to see the content of encapsulated packets on outside interface

This is not possible.

Regards

Rahul

0 Helpful

abbeypressiss
Level 1
Level 1
In response to ilwadhi.r

‎10-26-2011 07:55 AM

Thanks for the reply.

While the encapsulated packet is going out the outside interface, I want to see the contents of the packet before it is encapsulated.

It may be that the answer is the same. I can see the encapsulated packet on the outside interface, but of course I cannot decode the payload.

0 Helpful
Customers Also Viewed These Support Documents