Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Troubleshoot of VPN packets

Posted on 2013-06-23
5
Medium Priority
?
468 Views
Last Modified: 2013-07-09
Hi,

Can any one give the Troubleshoot steps of a VPN traffic

Scenario :

                           VPN client PC
                                 |
                                 |
                           Internet
                                 |
                                 |

                               ASA
                                  |
                              LAN server

requirement :

If a PC can not comunicate the LAN server

How to capture the packets through VPN

In capture , what is source IP and Destination IP for VPN traffic

Regards
Ramu
0
Comment
Question by:RAMU CH
5 Comments
 
LVL 6

Expert Comment

by:Vijay Pratap Singh
ID: 39270345
Use wireshark to capture packets and find all the information

xD
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 39270368
Pls tell me what is the Packet structuer through VPN tunnel

What is Source IP and Destination ip while intilating the request  and
while replying the request , what is the Source IP and Destination IP

Regards
Ramu
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 1500 total points
ID: 39270571
The encrypted packet always has public IPs as source and destination. The IPSec payload contains only private IPs. So you have to consider at which point you are monitoring traffic all the time. The device/machine encrypting sees both kinds of traffic, any other device/machine only unencrypted  or encrypted.

If you use WireShark on a PC not connected directly to the Internet (and different from the VPN Client PC), you will only see unencrypted, private traffic.
On ASA you should be able to have both available, depending on the debugging commands you use.
The client PC acts with its VPN IP. You should be able to see both unencrypted and VPN (encrypted) traffic here.

As you can see, there are lot of points you can monitor traffic. If you do not know IOS, WireShark on both client and target PC with filter of (IPSec) source and target IPs gives a good idea. Probably you won't get around debugging your ASA, though, as only there you will see if traffic is rejected, dismissed or translated the wrong way (in regard of IP addresses).
0
 
LVL 20

Expert Comment

by:rauenpc
ID: 39271384
Unless you are just trying to learn the process but don't actually have an issue, you probably don't need to do a packet capture to figure out why the server can't communicate with the VPN client. Posting a scrubbed config of the ASA would be a good starting point. This may simply be a NAT issue.
0
 
LVL 1

Author Closing Comment

by:RAMU CH
ID: 39310776
tks
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses
Course of the Month10 days, 16 hours left to enroll

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question