trojan81
asked on
debugging on a 2811 router
Experts,
Need help with some syntax.
Site A and Site B have an ipsec tunnel between each other and crypto map is applied to their outside interfaces.
I want to debug traffic on site A as it enters the tunnel to get encrypted to go to site B.
Don't have much experience doing this on a router.
Site A: 10.1.1.1 needs to access site B 20.1.1.1 via port 25
Need to debug on the inside interface. What is the best way to do it? Debug ip packet? please provide syntax if possible.
Need help with some syntax.
Site A and Site B have an ipsec tunnel between each other and crypto map is applied to their outside interfaces.
I want to debug traffic on site A as it enters the tunnel to get encrypted to go to site B.
Don't have much experience doing this on a router.
Site A: 10.1.1.1 needs to access site B 20.1.1.1 via port 25
Need to debug on the inside interface. What is the best way to do it? Debug ip packet? please provide syntax if possible.
debug crypto ipsec sa
debug crypto isakmp
debug crypto engine
harbor235 ;}
To be clear, you want to see the traffic before it's encrypted, but only the traffic that's going to be encrypted?
So you have an ACL that defines interesting traffic . . . say ACL 150
debug ip packet 150 detail dump
harbor235 gave you commands to debug IPSEC traffic, but it sounds like you want to see the actual traffic (payload). The command I gave you will display a mess.
Good luck,
SteveJ
So you have an ACL that defines interesting traffic . . . say ACL 150
debug ip packet 150 detail dump
harbor235 gave you commands to debug IPSEC traffic, but it sounds like you want to see the actual traffic (payload). The command I gave you will display a mess.
Good luck,
SteveJ
ASKER
I just want to see the traffic as it comes into the inside interface about to get encrypted and sent out the outside interface where the crypto map is applied.
In short, I just want to say "yes the traffic is at least making it to the VPN router". I dont care of it enters the tunnel or not. Just want to see it arrive at the doorstep.
In short, I just want to say "yes the traffic is at least making it to the VPN router". I dont care of it enters the tunnel or not. Just want to see it arrive at the doorstep.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER