VPN logs

kamrannaseem1
Level 1

Hello,

I would like to know if the Real-Time Log Viewer on ASDM provides the same information as the packet capture command using the CLI on a Cisco ASA when troubleshooting IPsec VPNs, or does the packet capture command provide a bit more detailed information for troubleshooting firewall/VPN issues?

Many thanks.

4 Replies

Dinesh Moudgil
Cisco Employee

Hi kamrannaseem1,

The ASDM log viewer shows you the logs pertaining to the connections which are traversing the firewall, whereas the packet capture command can give you more intrinsic details regarding the specific source and destination that you want to track. You can also download these packets in the form of packet captures (in .pcap format).

Regards
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Hi,

Can we say Cisco ASA packet captures and Wireshark traces are the same thing?

Aditya Ganjoo
Cisco Employee

Hi,

The ASDM logs are only related to real-time traffic so they may not tell you any historic info.

Packet captures are for more detailed packet-related information but may or may not help you troubleshoot IPsec VPN all the time.

Debugs for IPSEC VPN are more helpful :)

debug crypto isa/ikev1 200

debug crypto ipsec 200

Regards,

Aditya

Please rate helpful and mark correct answers

Mohammad Alhyari
Cisco Employee

Hi,

Logs are a very good and useful tool. Most of the network guys usually ignore them, forgetting the fact that they are the box's view of everything happening there. For a firewall this includes many things:

Dropped packets
Inspected traffic 
Connection stats
Attack info 
VPN info 
user's login 

More and more and more 

With logging there is useful info about VPN. So this is the approach I would recommend when troubleshooting VPN:

1) Look at the logs at the debugging level. You might detect the failure directly and you get the Bingo!!!!!

2) Use the debugs with a condition 

debug cry isa 128

debug cry ipsec 128

debug cry condition peer a.x.v.b

3) Captures are very important. If you ask me why, I tell you because it is really what is being sent on the network. So as we say, captures always tell you the truth!

Here is something that not everyone knows, which is ISAKMP captures:

capture isa type isakmp interface outside

Test and then 

show cap isa decode 

It reveals a lot about the ISAKMP packets exchanged, and it is not only phase 1 but phase 2 too :P

So, always mix and understand what is happening.

Moh,
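
Added example, not part of the thread or any poster's code: a Python triage of ASA syslog output collected at debugging level (step 1 above), grouped per peer in the same spirit as narrowing debugs with `debug cry condition peer`. The log lines are constructed in the style of ASA IKEv1 syslog messages, the peer addresses are documentation addresses, and the function names `triage` and `failing_peers` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in ASA syslog style (not taken from the thread).
# Peer addresses are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Jan 10 2024 10:00:01: %ASA-5-713119: Group = 192.0.2.10, IP = 192.0.2.10, PHASE 1 COMPLETED
Jan 10 2024 10:00:02: %ASA-5-713120: Group = 192.0.2.10, IP = 192.0.2.10, PHASE 2 COMPLETED (msgid=1a2b3c4d)
Jan 10 2024 10:00:05: %ASA-5-713119: Group = 198.51.100.7, IP = 198.51.100.7, PHASE 1 COMPLETED
Jan 10 2024 10:00:06: %ASA-5-713904: Group = 198.51.100.7, IP = 198.51.100.7, All IPSec SA proposals found unacceptable!
Jan 10 2024 10:00:06: %ASA-3-713902: Group = 198.51.100.7, IP = 198.51.100.7, QM FSM error (P2 struct &0x0, mess id 0x5e6f7a8b)!
Jan 10 2024 10:00:09: %ASA-6-302013: Built outbound TCP connection 42 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:10.0.0.5/51000 (10.0.0.5/51000)
"""

HEADER = re.compile(r"%ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)")
PEER = re.compile(r"\bIP = (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")

def triage(log_text, peer=None):
    """Summarise IKE/IPsec progress per peer; `peer` narrows to one address."""
    peers = defaultdict(lambda: {"phase1": False, "phase2": False, "problems": []})
    for line in log_text.splitlines():
        head = HEADER.search(line)
        if not head:
            continue  # not an ASA syslog message
        who = PEER.search(head["text"])
        if not who or (peer and who["ip"] != peer):
            continue  # no "IP = <peer>" field, or a peer we are not tracking
        state = peers[who["ip"]]
        if "PHASE 1 COMPLETED" in head["text"]:
            state["phase1"] = True
        elif "PHASE 2 COMPLETED" in head["text"]:
            state["phase2"] = True
        elif int(head["sev"]) <= 4 or "unacceptable" in head["text"]:
            # severity 0-4 is warning or worse; also keep proposal rejections
            state["problems"].append((head["id"], head["text"]))
    return dict(peers)

def failing_peers(summary):
    """Peers that never logged PHASE 2 COMPLETED, with the first problem message ID."""
    return {ip: (s["problems"][0][0] if s["problems"] else None)
            for ip, s in summary.items() if not s["phase2"]}

if __name__ == "__main__":
    for ip, first in failing_peers(triage(SAMPLE_LOG)).items():
        print(f"{ip}: phase 2 never completed, first problem message {first}")
```

A peer flagged here is the one to pass to the conditional debugs and the ISAKMP capture described in the post.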
