Solved

debugging on a 2811 router

Posted on 2011-10-20
Last Modified: 2012-05-12
Experts,

Need help with some syntax.
Site A and Site B have an ipsec tunnel between each other and crypto map is applied to their outside interfaces.

I want to debug traffic on site A as it enters the tunnel to get encrypted to go to site B.

Don't have much experience doing this on a router.

Site A: 10.1.1.1 needs to access site B 20.1.1.1 via port 25

Need to debug on the inside interface. What is the best way to do it? Debug ip packet? Please provide syntax if possible.
Question by:trojan81
5 Comments
 

Author Comment

by:trojan81
ID: 37007300
Anyone?
 
LVL 32

Expert Comment

by:harbor235
ID: 37007415


debug crypto ipsec sa
debug crypto isakmp
debug crypto engine


harbor235 ;}
 
LVL 16

Expert Comment

by:SteveJ
ID: 37008647
To be clear, you want to see the traffic before it's encrypted, but only the traffic that's going to be encrypted?

So you have an ACL that defines interesting traffic . . . say ACL 150

debug ip packet 150 detail dump

harbor235 gave you commands to debug IPSEC traffic, but it sounds like you want to see the actual traffic (payload). The command I gave you will display a mess.

Good luck,
SteveJ
 

Author Comment

by:trojan81
ID: 37009513
I just want to see the traffic as it comes into the inside interface about to get encrypted and sent out the outside interface where the crypto map is applied.

In short, I just want to say "yes the traffic is at least making it to the VPN router". I don't care if it enters the tunnel or not. Just want to see it arrive at the doorstep.
 
LVL 32

Accepted Solution

by:
harbor235 earned 2000 total points
ID: 37009599

Like Steve J shows:

debug ip packet 150   (where 150 is acl 150)

access-list 150 permit ip 10.1.1.0 0.0.0.255 20.1.1.0 0.0.0.255
access-list 150 permit ip 200.1.1.0 0.0.0.255 20.1.1.0 0.0.0.255  
****** (assumed outside interface was 200.1.1.0/24) ******

router# term mon
router(config)# logging con

harbor235 ;}
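
The same debug scoped to the single flow from the question (10.1.1.1 to 20.1.1.1 on TCP port 25), as an added example that is not part of the original thread. ACL number 199 (assumed unused, so the ACL behind the crypto map is not touched) and the inside interface name FastEthernet0/0 are assumptions; the sequence relies on debug ip packet reporting only process-switched packets.

```cisco
! Added example. Assumptions: ACL 199 is unused, inside interface is Fa0/0.
!
! 1. Match only the flow in question: 10.1.1.1 -> 20.1.1.1, TCP port 25.
configure terminal
 access-list 199 permit tcp host 10.1.1.1 host 20.1.1.1 eq 25
!
! 2. Keep debug output off the console line and collect it in the buffer.
 no logging console
 logging buffered 16384 debugging
!
! 3. debug ip packet shows only process-switched packets, so turn off
!    fast switching/CEF on the inside interface for the duration of the test.
!    This raises CPU load for all traffic entering that interface.
 interface FastEthernet0/0
  no ip route-cache
 end
!
! 4. Start the ACL-filtered debug, open the port 25 connection from 10.1.1.1,
!    then read the buffer. A line with s=10.1.1.1 and d=20.1.1.1 means the
!    packet reached the router, whether or not it then entered the tunnel.
debug ip packet 199 detail
show logging
!
! 5. Clean up: stop the debug, restore switching, remove the temporary ACL.
!    Restore "logging console" as well if it was enabled before the test.
undebug all
configure terminal
 interface FastEthernet0/0
  ip route-cache
  ip route-cache cef
 exit
 no access-list 199
 end
```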





   