Wire shark

L4 Transporter

Wire shark

I am trying to troubleshoot why I am having issues with a certain VPN router device through the PA 3020 firewall. This is the message on the packet capture:

ISAKMP Identity protection (main mode).

I am new to firewalls, and if there are any other troubleshooting methods I can use, I would appreciate the advice: commands, GUI, anything.

L5 Sessionator

Re: Wire shark

Hi Infotech,

If the firewall is just a pass-through device for the VPN connection, you will only see encrypted packets in the packet capture. This packet will also be one of them. From PA's perspective, you can verify whether the firewall is dropping any packets from the source and destination in question. If not, you will have to look at the VPN end devices. If the firewall is dropping packets, we can further look at the counters to see the reason behind it.

L4 Transporter

Re: Wire shark

Yes, the VPN router just resides behind the firewall and goes through the firewall to a remote destination at a vendor location. The vendor says that the tunnel to our location is in an up/down state, and I am unable to ping their remote destination IPs from the command line on our server. I am not sure whether the firewall is blocking packets going in or out, and I am not sure of the best tool in the PA or outside the PA to determine that.

L5 Sessionator

Re: Wire shark

Hi Infotech,

You can do a packet capture on PAN for the source/destination IP of the VPN end points and see if there are any drops from PAN. That should verify whether you need to look into another device. Here is a link on how to do a pcap on PAN:

https://live.paloaltonetworks.com/docs/DOC-3265

Hope that helps.

L4 Transporter

Re: Wire shark

Thanks, those were excellent step-by-step instructions on doing a packet capture. So now, how do I interpret the information so I know what the issue is and how to fix it?

L5 Sessionator

Re: Wire shark

Now, if you capture the traffic between the VPN end points (source and destination) on PAN and you see any drops, that could be of concern and we have to see why PAN is dropping the packets. If we do not see any drops, then you can look for another device that might be causing the issue.
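Added example, not part of any reply in this thread and not Palo Alto Networks code: one way to read the "ISAKMP Identity protection (main mode)" packets from a capture is to decode the fixed ISAKMP header (RFC 2408) and count, per negotiation, how many packets each side sent. The addresses, cookies and the `_pkt` helper are constructed sample data, and the code assumes the capture includes the first packet of each negotiation.

```python
import struct

# Exchange type values from RFC 2408 section 3.1
EXCHANGE = {1: "Base", 2: "Identity Protection (Main Mode)",
            4: "Aggressive", 5: "Informational"}

def parse_isakmp_header(payload):
    """Decode the fixed 28-byte ISAKMP header of a UDP/500 payload."""
    if len(payload) < 28:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, _next, _ver, xchg, flags, _msgid, length = \
        struct.unpack("!8s8sBBBBII", payload[:28])
    return {"icookie": icookie.hex(), "rcookie": rcookie.hex(),
            "exchange": EXCHANGE.get(xchg, "type %d" % xchg),
            "encrypted": bool(flags & 0x01), "length": length}

def summarize(packets):
    """Per negotiation (keyed by initiator cookie), count packets each way.

    packets: iterable of (src_ip, dst_ip, udp_payload) in capture order.
    The sender of the first packet seen for a cookie is taken as initiator.
    """
    sessions = {}
    for src, dst, payload in packets:
        h = parse_isakmp_header(payload)
        s = sessions.setdefault(h["icookie"], {
            "initiator": src, "peer": dst, "exchange": h["exchange"],
            "sent": 0, "replies": 0})
        s["sent" if src == s["initiator"] else "replies"] += 1
    for s in sessions.values():
        s["verdict"] = "peer answered" if s["replies"] else "no reply seen"
    return sessions

def _pkt(icookie, rcookie, xchg=2, flags=0):
    # Constructed header only; real packets carry payloads after it.
    return struct.pack("!8s8sBBBBII", icookie, rcookie, 1, 0x10, xchg, flags, 0, 28)

# Constructed sample: documentation addresses, made-up cookies.
LOCAL, REMOTE = "192.0.2.10", "198.51.100.20"
A, B, R = b"\xaa" * 8, b"\xbb" * 8, b"\xcc" * 8
SAMPLE = [
    (LOCAL, REMOTE, _pkt(A, bytes(8))),   # first message, then retransmits
    (LOCAL, REMOTE, _pkt(A, bytes(8))),
    (LOCAL, REMOTE, _pkt(A, bytes(8))),
    (LOCAL, REMOTE, _pkt(B, bytes(8))),   # second attempt
    (REMOTE, LOCAL, _pkt(B, R)),          # responder answers with its cookie
]

if __name__ == "__main__":
    for cookie, s in summarize(SAMPLE).items():
        print(cookie, s["exchange"], s["sent"], s["replies"], s["verdict"])
```

A negotiation that shows repeated sends and "no reply seen" means nothing came back at the point where the capture was taken; comparing that result across capture points narrows down where the packets stop.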
