Packet capture for an IPSec tunnel

Cisco IPSec tunnel need to find out who is the final destination of a file copy through the tunnel
packet capture won’t show me the true destination host. I see the peer ip and destination is the public ip of the asa

Example user initiates a copy through the tunnel I am trying to identify which host is initiating this copy
jac1991Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
What we do for Juniper and Cisco RV units is to enable (turn on) Logging.

Then, once Logs have been enabled, review traffic logs.  That is where the IPsec traffic is recorded so that is the best way to do it.
jac1991Author Commented:
John the logs aren’t showing which hosts are using the IPSec tunnel
JohnBusiness Consultant (Owner)Commented:
You can try Wireshark or CommView (Tamosoft) to capture and analyze packets. You would need to look at each packet to try to determine tunnel traffic.  I think it will be very painstaking.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet Protocol Security

From novice to tech pro — start learning today.