Friday, May 22, 2015

Packet Capture: VPN Troubleshooting

There are some edge devices that don't necessarily make it easy to troubleshoot VPNs, so a packet capture is in order. In this scenario, something isn't right on the VPN: I can't get traffic across from one side to the other. It appears that, on the customer side that I'm visiting, the traffic is not making it to the other side of the VPN. The customer doesn't have a reliable way to determine "what" the problem is, so I'm going to take a packet capture on the public side of the firewall to see if I can tell anything interesting.
Notice the source below. You shouldn't see the private address as the source address, but you do. I am expecting to see a public address (my peer) as the source and a public address (their peer) as the destination. I know this because of where I'm placing my packet capture. Again, keep packet captures as an integral part of your troubleshooting capabilities.
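
The same check run over saved `tcpdump -nn` text output, as an added example that is not part of the original post: it labels each line captured on the public side as peer-to-peer or as carrying a private (RFC 1918) source. The peer addresses, private hosts and capture lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 ranges, listed explicitly: ipaddress's is_private also matches the
# documentation ranges used as sample peers below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(r"\bIP (\S+) > (\S+?):")  # tcpdump -nn IPv4 text line

# Constructed peer addresses and capture lines (assumptions, not from the post).
LOCAL_PEER, REMOTE_PEER = "203.0.113.10", "198.51.100.20"
SAMPLE = """\
10:15:01.100001 IP 203.0.113.10.500 > 198.51.100.20.500: isakmp: phase 1 I ident
10:15:01.200002 IP 203.0.113.10 > 198.51.100.20: ESP(spi=0x0a1b2c3d,seq=0x1), length 132
10:15:02.300003 IP 192.168.10.25.51514 > 10.20.0.5.443: Flags [S], seq 1000, win 64240, length 0
10:15:03.400004 IP 192.168.10.25 > 10.20.0.5: ICMP echo request, id 1, seq 1, length 64
"""

def host(token):
    """Drop the optional trailing .port from a tcpdump address token."""
    return ipaddress.ip_address(".".join(token.split(".")[:4]))

def classify(line, local_peer=LOCAL_PEER, remote_peer=REMOTE_PEER):
    """Label one capture line as seen on the public side of the firewall."""
    m = LINE_RE.search(line)
    if not m:
        return "unparsed"
    try:
        src, dst = host(m.group(1)), host(m.group(2))
    except ValueError:               # names instead of addresses (no -nn)
        return "unparsed"
    if any(src in net for net in RFC1918):
        return "private-source"      # should not appear on the outside
    peers = {ipaddress.ip_address(local_peer), ipaddress.ip_address(remote_peer)}
    return "peer-to-peer" if {src, dst} == peers else "other"

def summarize(lines):
    """Count labels and collect the lines that carry a private source."""
    counts, flagged = Counter(), []
    for line in lines:
        label = classify(line)
        counts[label] += 1
        if label == "private-source":
            flagged.append(line)
    return counts, flagged

if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE.splitlines())
    print(dict(counts), *flagged, sep="\n")
```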
