Solved

site-to-site vpn troubleshoot

Posted on 2014-04-23
3
803 Views
Last Modified: 2014-05-13
I have 3 sites site-to-site VPN with Cisco routers and I am trying to find out if there are any kind of errors in those tunnels. I look in the router logs, show crypto isakamp sa, sh crypto ipsec sa, and some show interface tunnel commands. So far I don't see any errors. Is there any other commands that I can use. Any of you experience any kind of errors in the site-to-site VPN? Thanks
0
Comment
Question by:leblanc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
Rafael earned 500 total points
ID: 40019183
You can do a couple of things.

The ASA if that is what you're using exposes a list of established site-to-site VPNs via the SNMP protocol. You can take a ook at the list of Peer IPs for established VPNs using the command:

snmpwalk -v1 -c YourSNMPCommunity 192.168.1.254
    1.3.6.1.4.1.9.9.171.1.2.3.1.7


You can also issue the"show ip nat translation" command after you initiated the VPN from the ASA to see if your destination ip gets natted properly.

Another way is to use "debug ip packet" on the router to check what happens. This should be used with care as debugging will put a high load on the router, You should use an acl to limit the packets you're debugging to avoid this.

VPN#2#sh vpn-sessiondb detail l2l filter ipaddress X.X.X.X <---- IP Address

When you do the above step, check to see if you have “Bytes Tx and Rx”. If so this means your tunnel is active and data packets are passing into it. You can also check the “Duration” this is the tunnel uptime.

Hope these few help.
0
 
LVL 1

Author Comment

by:leblanc
ID: 40019200
Thanks for the tips. I don't have any ASA.
0
 
LVL 1

Author Comment

by:leblanc
ID: 40024022
Anybody else? Thanks
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question