[c-nsp] How to debug this?

Tuc at T-B-O-H.NET ml at t-b-o-h.net
Wed Feb 14 14:46:24 EST 2007


> 
> On Wed, 14 Feb 2007, Tuc at T-B-O-H.NET wrote:
> 
> > Hi,
> > 
> > 	It looks like the only unix machine at my remote site
> > has decided to take a VERY long nap, and my "remote hands" 
> > person is unavailable due to weather.
> > 
> > 	I have 2 3640's with an IPSEC/GRE tunnel between
> > them. When I try to ping from one end to something on
> > the E0/0 interface, I don't get a reply. I would think
> > even though the 3640 at the end point ISN'T the default
> > route, it would come back via its standard default route.
> > 
> > 	What debug can I do just on the remote end 
> > using the 3640 to see what's happening with the packets
> > that come in over the tunnel, and I'm not sure they
> > are making it out the E0/0.
> 
> Drop in a permissive ACL with a logging statement on the interfaces you 
> expect the traffic to go through. Exercise caution if this is a heavily 
> trafficked interface.
> 
> Also, check your arp cache.
> 
	Ok, done... But all I see is:

.Feb 14 14:40:09 EST: %SEC-6-IPACCESSLOGDP: list 123 permitted icmp 204.107.90.128 (Tunnel0 ) -> 192.168.3.247 (0/0), 41 packets 

	Yes, I tried to ping from 204.107.90.128, yes, it was supposed
to go through the tunnel, yes it was icmp, no there weren't 41 of them
that I know of, only 20, and yes, the destination was 192.168.3.247,
and yes, it should be able to be seen off the 0/0 interface. But I
have the access list of :

access-list 123 permit ip any any log-input

	on both tunnel0 and eth0/0, shouldn't I have seen it 
go out the eth0/0 also?

	Hrm, now without any more pinging I see :

.Feb 14 14:42:09 EST: %SEC-6-IPACCESSLOGP: list 123 permitted udp 204.107.90.128(0) (Tunnel0 ) -> 192.168.3.247(0), 8 packets 
.Feb 14 14:43:09 EST: %SEC-6-IPACCESSLOGDP: list 123 permitted icmp 192.168.3.247 (Ethernet0/0 0040.8c44.3bf9) -> 192.168.3.111 (0/0), 4 packets

	What's happening?

			Thanks, Tuc
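
Added example (not part of the original post or the list thread): a small parser for the three ACL log lines quoted above, reporting the ingress interface that `log-input` recorded for each flow and whether any entry shows traffic in the reverse direction. It assumes the standard IOS message layout, in which the parenthesised field after the destination in IPACCESSLOGDP is ICMP type/code and the "(0)" in IPACCESSLOGP is a port; the function names are hypothetical.

```python
import re
from collections import defaultdict

# The three syslog lines quoted in the post above, copied verbatim.
LOG_LINES = [
    ".Feb 14 14:40:09 EST: %SEC-6-IPACCESSLOGDP: list 123 permitted icmp 204.107.90.128 (Tunnel0 ) -> 192.168.3.247 (0/0), 41 packets",
    ".Feb 14 14:42:09 EST: %SEC-6-IPACCESSLOGP: list 123 permitted udp 204.107.90.128(0) (Tunnel0 ) -> 192.168.3.247(0), 8 packets",
    ".Feb 14 14:43:09 EST: %SEC-6-IPACCESSLOGDP: list 123 permitted icmp 192.168.3.247 (Ethernet0/0 0040.8c44.3bf9) -> 192.168.3.111 (0/0), 4 packets",
]

# Assumption: "(n)" after an address is a port, "(a/b)" after the destination is ICMP type/code.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
ENTRY = re.compile(
    r"%SEC-6-(?P<msg>IPACCESSLOGD?P): list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>" + IP + r")(?:\((?P<sport>\d+)\))?"
    r"(?: \((?P<in_if>\S+)\s*(?P<mac>[0-9a-f.]{14})?\s*\))?"
    r" -> (?P<dst>" + IP + r")(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<icmp_type>\d+)/(?P<icmp_code>\d+)\))?, (?P<count>\d+) packets?"
)

def parse(lines):
    """Return one dict per ACL log line; lines that do not match are skipped."""
    out = []
    for line in lines:
        m = ENTRY.search(line)
        if m:
            d = m.groupdict()
            d["count"] = int(d["count"])
            out.append(d)
    return out

def ingress_summary(entries):
    """Packet counts per (src, dst, proto), split by the interface they arrived on."""
    seen = defaultdict(lambda: defaultdict(int))
    for e in entries:
        seen[(e["src"], e["dst"], e["proto"])][e["in_if"]] += e["count"]
    return {flow: dict(ifs) for flow, ifs in seen.items()}

def reply_seen(entries, src, dst, proto):
    """True if any entry shows traffic in the reverse direction (dst -> src)."""
    return any(e["src"] == dst and e["dst"] == src and e["proto"] == proto
               for e in entries)

if __name__ == "__main__":
    entries = parse(LOG_LINES)
    for flow, ifs in ingress_summary(entries).items():
        print(flow, "arrived on", ifs)
    print("reply seen:", reply_seen(entries, "204.107.90.128", "192.168.3.247", "icmp"))
```
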