Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2109
Views
0
Helpful
2
Replies

VPN Packet Trace interfaces UNKNOWN

Go to solution
Mokhalil82
Level 4
Level 4

‎11-20-2019 08:39 AM

Hi

 

I have setup an ikev2 ipsec VPN to a 3rd party and currently not routing any traffic over it yet. For testing I ran a packet trace to ensure the VPN comes up which is does. However I can the the Input and Output interfaces showing as UNKNOWN. 

I have not seen that before and wondering why that is. I plan to reroute traffic over it as part of an out of hours change but just curious why it would show the interfaces as UNKNOWN

 

image.png

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎11-20-2019 12:17 PM - edited ‎11-20-2019 02:05 PM

Hi,

It does seem odd that it has not identified either interface. When you run packet-tracer over a VPN you need to run it twice, the first would initate and hopefully bring up the tunnel and the second test would hopefully provide the desire result. If you run it again and see what happens, if you still don't see the desired result please run the command from the CLI and provide the full output for review.

 

Also please upload the configuration for review.

 

HTH

View solution in original post

0 Helpful

Go to solution
Mokhalil82
Level 4
Level 4
In response to Rob Ingram

‎11-28-2019 01:48 AM

Just tested, command works in CLI, only in ASDM seems to show UNKNOWN for the input and out interface, I have tried the same on a different ASA using the same ASDM server and do get the input output interfaces correctly, so only on this firewall in don't.

 

Thanks for the advice, its not a major I can just test it on CLI

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎11-20-2019 12:17 PM - edited ‎11-20-2019 02:05 PM

Hi,

It does seem odd that it has not identified either interface. When you run packet-tracer over a VPN you need to run it twice, the first would initate and hopefully bring up the tunnel and the second test would hopefully provide the desire result. If you run it again and see what happens, if you still don't see the desired result please run the command from the CLI and provide the full output for review.

 

Also please upload the configuration for review.

 

HTH

0 Helpful

Go to solution
Mokhalil82
Level 4
Level 4
In response to Rob Ingram

‎11-28-2019 01:48 AM

Just tested, command works in CLI, only in ASDM seems to show UNKNOWN for the input and out interface, I have tried the same on a different ASA using the same ASDM server and do get the input output interfaces correctly, so only on this firewall in don't.

 

Thanks for the advice, its not a major I can just test it on CLI

0 Helpful
Customers Also Viewed These Support Documents