Solved

site-to-site vpn troubleshoot

Posted on 2014-04-23
Last Modified: 2014-05-13
I have a 3-site site-to-site VPN with Cisco routers and I am trying to find out if there are any kind of errors in those tunnels. I look in the router logs, show crypto isakmp sa, sh crypto ipsec sa, and some show interface tunnel commands. So far I don't see any errors. Are there any other commands that I can use? Have any of you experienced any kind of errors in a site-to-site VPN? Thanks
Question by:leblanc

Accepted Solution

by:
Rafael earned 500 total points
ID: 40019183
You can do a couple of things.

The ASA, if that is what you're using, exposes a list of established site-to-site VPNs via the SNMP protocol. You can take a look at the list of Peer IPs for established VPNs using the command:

snmpwalk -v1 -c YourSNMPCommunity 192.168.1.254 1.3.6.1.4.1.9.9.171.1.2.3.1.7


You can also issue the "show ip nat translation" command after you initiated the VPN from the ASA to see if your destination IP gets NATted properly.

Another way is to use "debug ip packet" on the router to check what happens. This should be used with care, as debugging will put a high load on the router. You should use an ACL to limit the packets you're debugging to avoid this.

VPN#2#sh vpn-sessiondb detail l2l filter ipaddress X.X.X.X <---- IP Address

When you do the above step, check to see if you have "Bytes Tx and Rx". If so, this means your tunnel is active and data packets are passing into it. You can also check the "Duration"; this is the tunnel uptime.

Hope these few help.
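
One way to turn the SNMP peer list from the answer above into a repeatable check, as an added example that is not part of the original answer: it parses `snmpwalk` output for that OID and reports expected peers with no established tunnel, plus established tunnels to peers nobody listed. The sample output, its exact line format, the peer addresses and the function names are constructed assumptions.

```python
import ipaddress
import re

# OID subtree from the answer above (under 1.3.6.1.4.1, "enterprises").
PEER_OID_SUFFIX = "9.9.171.1.2.3.1.7"

# Constructed sample of snmpwalk output (documentation addresses, not real peers).
SAMPLE_WALK = '''\
SNMPv2-SMI::enterprises.9.9.171.1.2.3.1.7.4097 = STRING: "203.0.113.10"
SNMPv2-SMI::enterprises.9.9.171.1.2.3.1.7.8193 = STRING: "198.51.100.77"
'''

# Matches symbolic and numeric (-On) OID output, quoted or unquoted values.
ROW = re.compile(
    re.escape("." + PEER_OID_SUFFIX) + r'\.(\d+) = \S+: "?([0-9.]+)"?\s*$'
)


def established_peers(walk_output):
    """Return {peer_ip: [tunnel_index, ...]} parsed from snmpwalk text."""
    peers = {}
    for line in walk_output.splitlines():
        m = ROW.search(line)
        if not m:
            continue  # e.g. "No Such Object" or a row from another subtree
        try:
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue  # value is not a valid address, ignore the row
        peers.setdefault(ip, []).append(int(m.group(1)))
    return peers


def audit_tunnels(walk_output, expected_peers):
    """Compare established peers with the peers that should be up."""
    up = set(established_peers(walk_output))
    expected = set(expected_peers)
    return {
        "down": sorted(expected - up),        # expected tunnel not established
        "unexpected": sorted(up - expected),  # tunnel to a peer nobody listed
        "up": sorted(expected & up),
    }


if __name__ == "__main__":
    # Hypothetical expected peers for one site of a three-site VPN.
    print(audit_tunnels(SAMPLE_WALK, ["203.0.113.10", "192.0.2.20"]))
```

Run on a schedule, a non-empty "down" list points at a tunnel that dropped, and a non-empty "unexpected" list is worth reviewing against the configured crypto peers.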

Author Comment

by:leblanc
ID: 40019200
Thanks for the tips. I don't have any ASA.

Author Comment

by:leblanc
ID: 40024022
Anybody else? Thanks