Solved

site-to-site vpn troubleshoot

Posted on 2014-04-23
Medium Priority
830 Views
Last Modified: 2014-05-13
I have 3 sites site-to-site VPN with Cisco routers and I am trying to find out if there are any kinds of errors in those tunnels. I look in the router logs, show crypto isakmp sa, sh crypto ipsec sa, and some show interface tunnel commands. So far I don't see any errors. Are there any other commands that I can use? Have any of you experienced any kind of errors in the site-to-site VPN? Thanks
Question by:leblanc
3 Comments
 
LVL 10

Accepted Solution

by:
Rafael earned 2000 total points
ID: 40019183
You can do a couple of things.

The ASA, if that is what you're using, exposes a list of established site-to-site VPNs via the SNMP protocol. You can take a look at the list of Peer IPs for established VPNs using the command:

snmpwalk -v1 -c YourSNMPCommunity 192.168.1.254 1.3.6.1.4.1.9.9.171.1.2.3.1.7


You can also issue the "show ip nat translation" command after you initiated the VPN from the ASA to see if your destination IP gets NATted properly.

Another way is to use "debug ip packet" on the router to check what happens. This should be used with care, as debugging will put a high load on the router. You should use an ACL to limit the packets you're debugging to avoid this.

VPN#2#sh vpn-sessiondb detail l2l filter ipaddress X.X.X.X <---- IP Address

When you do the above step, check to see if you have “Bytes Tx and Rx”. If so, this means your tunnel is active and data packets are passing into it. You can also check the “Duration”; this is the tunnel uptime.

Hope these few help.
0
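Added example, not part of the original thread: the same "is traffic flowing in both directions" check as the Bytes Tx/Rx test above, applied to the packet and error counters in IOS router `show crypto ipsec sa` output. The sample text is constructed (documentation-range addresses), and the function names are hypothetical.

```python
import re

# Constructed sample of `show crypto ipsec sa` output, trimmed to the
# lines the parser reads. Addresses are documentation ranges.
SAMPLE = """\
interface: Tunnel0
    Crypto map tag: Tunnel0-head-0, local addr 192.0.2.1
   current_peer 198.51.100.2 port 500
    #pkts encaps: 48210, #pkts encrypt: 48210, #pkts digest: 48210
    #pkts decaps: 47992, #pkts decrypt: 47992, #pkts verify: 47992
    #send errors 0, #recv errors 0
interface: Tunnel1
    Crypto map tag: Tunnel1-head-0, local addr 192.0.2.1
   current_peer 203.0.113.7 port 500
    #pkts encaps: 1530, #pkts encrypt: 1530, #pkts digest: 1530
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #send errors 12, #recv errors 0
"""

PEER = re.compile(r"current_peer:?\s+(\d+\.\d+\.\d+\.\d+)")
COUNTER = re.compile(r"#([a-z .]+?):? (\d+)")  # "#pkts encaps: 5" or "#send errors 0"

def parse_ipsec_sa(text):
    """Return {peer_ip: {counter_name: total}}, summing all SAs per peer."""
    peers, current = {}, None
    for line in text.splitlines():
        m = PEER.search(line)
        if m:
            current = peers.setdefault(m.group(1), {})
        elif current is not None and line.lstrip().startswith("#"):
            for name, value in COUNTER.findall(line):
                name = name.strip()
                current[name] = current.get(name, 0) + int(value)
    return peers

def findings(peers):
    """Flag counter patterns that point at a tunnel problem."""
    out = []
    for peer, c in sorted(peers.items()):
        enc, dec = c.get("pkts encaps", 0), c.get("pkts decaps", 0)
        if enc and not dec:
            out.append((peer, "one-way: encaps > 0, decaps = 0"))
        elif dec and not enc:
            out.append((peer, "one-way: decaps > 0, encaps = 0"))
        elif not enc and not dec:
            out.append((peer, "no traffic through the SA"))
        for name in ("send errors", "recv errors"):
            if c.get(name, 0):
                out.append((peer, f"{name}: {c[name]}"))
    return out

if __name__ == "__main__":
    for peer, issue in findings(parse_ipsec_sa(SAMPLE)):
        print(peer, issue)
```

Counters are cumulative since the SA was established, so compare two captures taken a few minutes apart to see whether errors are still increasing.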
 
LVL 1

Author Comment

by:leblanc
ID: 40019200
Thanks for the tips. I don't have any ASA.
0
 
LVL 1

Author Comment

by:leblanc
ID: 40024022
Anybody else? Thanks
0


Question has a verified solution.
