Solved

site-to-site vpn troubleshoot

Posted on 2014-04-23
3
766 Views
Last Modified: 2014-05-13
I have 3 sites site-to-site VPN with Cisco routers and I am trying to find out if there are any kind of errors in those tunnels. I look in the router logs, show crypto isakamp sa, sh crypto ipsec sa, and some show interface tunnel commands. So far I don't see any errors. Is there any other commands that I can use. Any of you experience any kind of errors in the site-to-site VPN? Thanks
0
Comment
Question by:leblanc
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
Rafael earned 500 total points
ID: 40019183
You can do a couple of things.

The ASA if that is what you're using exposes a list of established site-to-site VPNs via the SNMP protocol. You can take a ook at the list of Peer IPs for established VPNs using the command:

snmpwalk -v1 -c YourSNMPCommunity 192.168.1.254
    1.3.6.1.4.1.9.9.171.1.2.3.1.7


You can also issue the"show ip nat translation" command after you initiated the VPN from the ASA to see if your destination ip gets natted properly.

Another way is to use "debug ip packet" on the router to check what happens. This should be used with care as debugging will put a high load on the router, You should use an acl to limit the packets you're debugging to avoid this.

VPN#2#sh vpn-sessiondb detail l2l filter ipaddress X.X.X.X <---- IP Address

When you do the above step, check to see if you have “Bytes Tx and Rx”. If so this means your tunnel is active and data packets are passing into it. You can also check the “Duration” this is the tunnel uptime.

Hope these few help.
0
 
LVL 1

Author Comment

by:leblanc
ID: 40019200
Thanks for the tips. I don't have any ASA.
0
 
LVL 1

Author Comment

by:leblanc
ID: 40024022
Anybody else? Thanks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
OnPage: Incident management and secure messaging on your smartphone
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question