Solved

site-to-site vpn troubleshoot

Posted on 2014-04-23
Last Modified: 2014-05-13
I have a 3-site site-to-site VPN with Cisco routers and I am trying to find out if there are any kind of errors in those tunnels. I looked at the router logs, show crypto isakmp sa, sh crypto ipsec sa, and some show interface tunnel commands. So far I don't see any errors. Are there any other commands that I can use? Have any of you experienced any kind of errors in a site-to-site VPN? Thanks
Question by:leblanc
Accepted Solution

by:
Rafael earned 2000 total points
ID: 40019183
You can do a couple of things.

The ASA, if that is what you're using, exposes a list of established site-to-site VPNs via the SNMP protocol. You can take a look at the list of peer IPs for established VPNs using the command:

snmpwalk -v1 -c YourSNMPCommunity 192.168.1.254 1.3.6.1.4.1.9.9.171.1.2.3.1.7


You can also issue the "show ip nat translation" command after you initiated the VPN from the ASA to see if your destination IP gets NATted properly.

Another way is to use "debug ip packet" on the router to check what happens. This should be used with care, as debugging will put a high load on the router. You should use an ACL to limit the packets you're debugging to avoid this.

VPN#2#sh vpn-sessiondb detail l2l filter ipaddress X.X.X.X <---- IP Address

When you do the above step, check to see if you have “Bytes Tx and Rx”. If so, this means your tunnel is active and data packets are passing into it. You can also check the “Duration”; this is the tunnel uptime.

Hope these few help.
0
 

Author Comment

by:leblanc
ID: 40019200
Thanks for the tips. I don't have any ASA.
Author Comment

by:leblanc
ID: 40024022
Anybody else? Thanks