Solved

Troubleshooting VPN packets

Posted on 2013-06-23
Last Modified: 2013-07-09
Hi,

Can anyone give the troubleshooting steps for VPN traffic?

Scenario:

                           VPN client PC
                                 |
                                 |
                             Internet
                                 |
                                 |
                                ASA
                                 |
                            LAN server

Requirement:

If a PC cannot communicate with the LAN server:

How do I capture the packets going through the VPN?

In the capture, what are the source IP and destination IP for VPN traffic?

Regards
Ramu
Question by:RAMU CH
5 Comments
 
LVL 6

Expert Comment

by:Vijay Pratap Singh
ID: 39270345
Use Wireshark to capture packets and find all the information.

xD
 
LVL 1

Author Comment

by:RAMU CH
ID: 39270368
Pls tell me what the packet structure is through the VPN tunnel.

What are the source IP and destination IP while initiating the request, and
while replying to the request, what are the source IP and destination IP?

Regards
Ramu
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 39270571
The encrypted packet always has public IPs as source and destination. The IPSec payload contains only private IPs. So you have to consider at which point you are monitoring traffic all the time. The device/machine encrypting sees both kinds of traffic; any other device/machine sees only unencrypted or only encrypted traffic.

If you use Wireshark on a PC not connected directly to the Internet (and different from the VPN Client PC), you will only see unencrypted, private traffic.
On ASA you should be able to have both available, depending on the debugging commands you use.
The client PC acts with its VPN IP. You should be able to see both unencrypted and VPN (encrypted) traffic here.

As you can see, there are a lot of points where you can monitor traffic. If you do not know IOS, Wireshark on both client and target PC with a filter of (IPSec) source and target IPs gives a good idea. Probably you won't get around debugging your ASA, though, as only there you will see if traffic is rejected, dismissed or translated the wrong way (with regard to IP addresses).
0
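The address pairs described in the accepted answer, as an added example that is not part of the original thread: a small classifier run over constructed packets for each capture point. All IP addresses, the SPI and the capture-point labels are assumptions made for illustration; the NAT-T case (ESP inside UDP 4500, RFC 3948) goes beyond what the answer mentions.

```python
import socket
import struct

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0; sample data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def classify(pkt):
    """Return (src, dst, kind, spi) for one captured IPv4 packet."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    body = pkt[ihl:]
    if proto == 50 and len(body) >= 4:            # ESP directly over IP
        return src, dst, "esp", struct.unpack("!I", body[:4])[0]
    if proto == 17 and len(body) >= 8:            # UDP
        sport, dport = struct.unpack("!HH", body[:4])
        data = body[8:]
        if 4500 in (sport, dport):
            if len(data) < 4:                     # e.g. one-byte 0xFF NAT keepalive
                return src, dst, "nat-t-keepalive", None
            if data[:4] == b"\x00" * 4:           # non-ESP marker: IKE over NAT-T
                return src, dst, "ike-nat-t", None
            return src, dst, "esp-in-udp", struct.unpack("!I", data[:4])[0]
        if 500 in (sport, dport):
            return src, dst, "ike", None
    return src, dst, "cleartext", None

# Constructed sample packets; every address and the SPI are illustrative assumptions.
ESP = struct.pack("!II", 0x1A2B3C4D, 1) + bytes(32)   # SPI, sequence, opaque ciphertext
SAMPLES = {
    "ASA outside (ESP)": ipv4("198.51.100.10", "203.0.113.1", 50, ESP),
    "ASA outside (NAT-T)": ipv4("198.51.100.10", "203.0.113.1", 17,
                                struct.pack("!HHHH", 4500, 4500, 8 + len(ESP), 0) + ESP),
    "ASA inside / LAN server": ipv4("10.10.10.5", "192.168.1.20", 1,
                                    b"\x08\x00" + bytes(6)),
}

def report():
    """Classify each constructed sample, keyed by capture point."""
    return {point: classify(pkt) for point, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for point, (src, dst, kind, spi) in report().items():
        print(f"{point:24} {src:>15} -> {dst:<15} {kind} spi={spi}")
```

On the outside interface only the public pair and the SPI are readable; the private pair (VPN pool address and LAN server) appears only where the traffic is already decrypted.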
 
LVL 20

Expert Comment

by:rauenpc
ID: 39271384
Unless you are just trying to learn the process but don't actually have an issue, you probably don't need to do a packet capture to figure out why the server can't communicate with the VPN client. Posting a scrubbed config of the ASA would be a good starting point. This may simply be a NAT issue.
 
LVL 1

Author Closing Comment

by:RAMU CH
ID: 39310776
tks
