Packet level debug for AnyConnect?

jimsiff
Level 1

Is there an easy way to get a packet level debug for an AnyConnect client? Wireshark on the client doesn't seem to recognize the AnyConnect virtual adapter, and I can't find anything in the AnyConnect documentation. I can span the inside ASA interface to get a capture from there, but that doesn't give me visibility into what is being put onto the Cisco VPN adapter.

3 Replies

Hi,

Have you tried 'debug webvpn svc 255'?

Federico.

Hi Federico,

Thanks for the reply.  From my testing 'debug webvpn svc 255' doesn't provide any raw client packet data except for the session initiation.  I'm looking for either of the following:

1) A snapshot of every packet through the L4 header that the AnyConnect client sends, but prior to encapsulating in the SSL tunnel.

2) A full packet capture for all traffic that the AnyConnect client sends, but prior to encapsulating in the SSL tunnel.

Thanks,

Jim

Have you tried the capture command?

You can set a capture, i.e.:

access-list cap permit ip Internal_network Pool_VPN
access-list cap permit ip Pool_VPN Internal_network
capture cap access-list cap interface outside

You can try setting the capture for the packets before they are encrypted, but I'm not sure if it's going to capture the commands before encryption.

Federico.
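
For the first item Jim asks for (a snapshot of every packet through the L4 header), here is an added example that is not part of the original thread: a Python reader that reduces a saved capture to one source/destination/port/protocol row per packet. It assumes the capture has been saved as a classic libpcap file with Ethernet framing; the function names and the sample addresses are made up for illustration.

```python
import socket
import struct

def parse_frame(frame):
    """Return (src, sport, dst, dport, proto) for an IPv4 TCP/UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # Ethernet + minimal IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # IPv4 header length in bytes
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] not in (6, 17):
        return None
    if frag_offset or len(ip) < ihl + 4:      # later fragment or truncated: no ports
        return None
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    proto = "tcp" if ip[9] == 6 else "udp"
    return (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport, proto)

def l4_summary(pcap_bytes):
    """Walk a classic libpcap file and summarise each packet through its L4 header."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    rows, off = [], 24
    while off + 16 <= len(pcap_bytes):
        # Record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        row = parse_frame(pcap_bytes[off + 16:off + 16 + incl_len])
        if row:
            rows.append(row)
        off += 16 + incl_len
    return rows

def make_sample_pcap():
    """Constructed sample: one TCP SYN from a made-up pool address to an inside host."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("10.10.10.5"), socket.inet_aton("192.168.1.20"))
    tcp = struct.pack("!HHIIBBHHH", 50000, 443, 0, 0, 0x50, 0x02, 8192, 0, 0)
    frame = bytes(12) + b"\x08\x00" + ip + tcp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    for row in l4_summary(make_sample_pcap()):
        print(row)
```

If rows for the VPN pool addresses show up with their real inner ports rather than only the tunnel's own port, the capture point is seeing the traffic outside the SSL encapsulation.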