• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 492
  • Last Modified:

Troubleshoot of VPN packets

Hi,

Can any one give the Troubleshoot steps of a VPN traffic

Scenario :

                           VPN client PC
                                 |
                                 |
                           Internet
                                 |
                                 |

                               ASA
                                  |
                              LAN server

requirement :

If a PC can not comunicate the LAN server

How to capture the packets through VPN

In capture , what is source IP and Destination IP for VPN traffic

Regards
Ramu
0
RAMU CH
Asked:
RAMU CH
1 Solution
 
Vijay Pratap SinghCommented:
Use wireshark to capture packets and find all the information

xD
0
 
RAMU CHAuthor Commented:
Pls tell me what is the Packet structuer through VPN tunnel

What is Source IP and Destination ip while intilating the request  and
while replying the request , what is the Source IP and Destination IP

Regards
Ramu
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
The encrypted packet always has public IPs as source and destination. The IPSec payload contains only private IPs. So you have to consider at which point you are monitoring traffic all the time. The device/machine encrypting sees both kinds of traffic, any other device/machine only unencrypted  or encrypted.

If you use WireShark on a PC not connected directly to the Internet (and different from the VPN Client PC), you will only see unencrypted, private traffic.
On ASA you should be able to have both available, depending on the debugging commands you use.
The client PC acts with its VPN IP. You should be able to see both unencrypted and VPN (encrypted) traffic here.

As you can see, there are lot of points you can monitor traffic. If you do not know IOS, WireShark on both client and target PC with filter of (IPSec) source and target IPs gives a good idea. Probably you won't get around debugging your ASA, though, as only there you will see if traffic is rejected, dismissed or translated the wrong way (in regard of IP addresses).
0
 
rauenpcCommented:
Unless you are just trying to learn the process but don't actually have an issue, you probably don't need to do a packet capture to figure out why the server can't communicate with the VPN client. Posting a scrubbed config of the ASA would be a good starting point. This may simply be a NAT issue.
0
 
RAMU CHAuthor Commented:
tks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now