Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Troubleshoot of VPN packets

Posted on 2013-06-23
5
Medium Priority
?
463 Views
Last Modified: 2013-07-09
Hi,

Can any one give the Troubleshoot steps of a VPN traffic

Scenario :

                           VPN client PC
                                 |
                                 |
                           Internet
                                 |
                                 |

                               ASA
                                  |
                              LAN server

requirement :

If a PC can not comunicate the LAN server

How to capture the packets through VPN

In capture , what is source IP and Destination IP for VPN traffic

Regards
Ramu
0
Comment
Question by:RAMU CH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 6

Expert Comment

by:Vijay Pratap Singh
ID: 39270345
Use wireshark to capture packets and find all the information

xD
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 39270368
Pls tell me what is the Packet structuer through VPN tunnel

What is Source IP and Destination ip while intilating the request  and
while replying the request , what is the Source IP and Destination IP

Regards
Ramu
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 1500 total points
ID: 39270571
The encrypted packet always has public IPs as source and destination. The IPSec payload contains only private IPs. So you have to consider at which point you are monitoring traffic all the time. The device/machine encrypting sees both kinds of traffic, any other device/machine only unencrypted  or encrypted.

If you use WireShark on a PC not connected directly to the Internet (and different from the VPN Client PC), you will only see unencrypted, private traffic.
On ASA you should be able to have both available, depending on the debugging commands you use.
The client PC acts with its VPN IP. You should be able to see both unencrypted and VPN (encrypted) traffic here.

As you can see, there are lot of points you can monitor traffic. If you do not know IOS, WireShark on both client and target PC with filter of (IPSec) source and target IPs gives a good idea. Probably you won't get around debugging your ASA, though, as only there you will see if traffic is rejected, dismissed or translated the wrong way (in regard of IP addresses).
0
 
LVL 20

Expert Comment

by:rauenpc
ID: 39271384
Unless you are just trying to learn the process but don't actually have an issue, you probably don't need to do a packet capture to figure out why the server can't communicate with the VPN client. Posting a scrubbed config of the ASA would be a good starting point. This may simply be a NAT issue.
0
 
LVL 1

Author Closing Comment

by:RAMU CH
ID: 39310776
tks
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question