06-20-2014 06:42 AM
Here is some traffic being sent from my DMZ to the internet and I am trying to determine what's happening. How would the community read this information?
Session 192980
c2s flow:
source: 172.17.1.5 [DR-DMZ]
dst: 199.169.208.244
proto: 17
sport: 500 dport: 500
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
pbf rule: Fedline 12
s2c flow:
source: 199.169.208.244 [Outside]
dst: 66.94.196.101
proto: 17
sport: 500 dport: 500
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
start time : Tue Jun 17 14:25:00 2014
timeout : 600 sec
time to live : 600 sec
total byte count(c2s) : 7012782
total byte count(s2c) : 0
layer7 packet count(c2s) : 23853
layer7 packet count(s2c) : 0
vsys : vsys1
application : ike
rule : Rule 6
session to be logged at end : True
session in session ager : True
session synced from HA peer : False
address/port translation : source + destination
nat-rule : Fedline_DR(vsys1)
layer7 processing : completed
URL filtering enabled : True
URL category : any
session via syn-cookies : False
session terminated on host : False
session traverses tunnel : False
captive portal session : False
ingress interface : vlan.999
egress interface : ethernet1/3
session QoS rule : N/A (class 4)
session tracker stage l7proc : ctd err sw
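Added example (not part of the original thread, and not Palo Alto tooling): a small Python parser for the session detail text posted above. It pulls out the per-direction byte counters and the source address on each side of NAT, so a flow with no return traffic stands out. The function names and the `one_way` flag are this example's own.

```python
import re

# Excerpt of the session output posted above (fields the parser uses).
SAMPLE = """\
Session 192980
c2s flow:
source: 172.17.1.5 [DR-DMZ]
dst: 199.169.208.244
s2c flow:
source: 199.169.208.244 [Outside]
dst: 66.94.196.101
total byte count(c2s) : 7012782
total byte count(s2c) : 0
application : ike
"""

def parse_session(text):
    """Split the output into per-direction flow fields and session-wide fields."""
    out = {"c2s": {}, "s2c": {}, "meta": {}}
    flow = None
    for line in (l.strip() for l in text.splitlines()):
        m = re.fullmatch(r"(c2s|s2c) flow:", line)
        if m:
            flow = m.group(1)
            continue
        key, sep, value = (p.strip() for p in line.partition(":"))
        if not sep:
            continue
        m = re.fullmatch(r"(.+)\((c2s|s2c)\)", key)  # e.g. "total byte count(c2s)"
        if m:
            out[m.group(2)][m.group(1).strip()] = int(value)
        elif flow and key in ("source", "dst"):
            out[flow][key] = value.split()[0]  # drop the "[zone]" suffix
        else:
            out["meta"][key] = value
    return out

def summarize(s):
    """Flag a session with traffic in one direction only, and show the NAT source."""
    c2s, s2c = s["c2s"], s["s2c"]
    return {
        "one_way": c2s.get("total byte count", 0) > 0
                   and s2c.get("total byte count", 0) == 0,
        "pre_nat_source": c2s.get("source"),
        "post_nat_source": s2c.get("dst"),
        "application": s["meta"].get("application"),
    }
```

Run over the posted session, `summarize(parse_session(SAMPLE))` reports `one_way` as true: the DMZ host has sent IKE packets out, and the firewall has counted nothing coming back.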
07-01-2014 12:26 PM
I have done both, but there is so much information. Is there a way to filter it to only what I want to look at?
07-01-2014 12:53 PM
Hello Infotech,
Please use CLI command: > show log system subtype equal vpn
Sample output:
2014/02/04 10:29:42 info vpn ASA ike-neg 0 IKE phase-1 negotiation is succeeded as initiator, main mode. Established SA: 10.66.24.40[500]-10.66.24.9[500] cookie:a34a2c0783841e70:43259ffd7e304ad6 lifetime 28800 Sec.
Thanks
07-01-2014 01:07 PM
I am not seeing anything in the logs in regard to the tunnel, which should be created by the Fortinet and pass through my PA. The VPN tunnel is not and should not be created by the PA.