[c-nsp] VPN traffic

Ryan West rwest at zyedge.com
Wed Nov 18 08:24:26 EST 2009


Hi,

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mikisa Richard
> Sent: Wednesday, November 18, 2009 7:40 AM
> 
> Dear all,
> 
> In trying to troubleshoot VPN traffic on a Cisco ASA 5520, is it possible to
> debug the actual traffic in the tunnel? Scenario: Site to site tunnel comes
> up but either side cannot reach the remote nodes beyond the firewalls.
> 

Can you describe your scenario in a little more detail?  Is the firewall inline with all traffic?  If it's not, you're probably hitting a routing issue.  With just informational level buffer logging, you should be able to see why the traffic might be failing.  If you want to process the traffic through your ACLs and watch for hits there, you can disable sysopt permit-vpn.  

-ryan

