This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Wire shark

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Wire shark

infotech
L4 Transporter

‎04-16-2014 06:10 AM

I am trying to troubleshoot why I am having issues with a certain VPN router device through the PA 3020 firewall, This is the message on the packet capture

ISAKMP Identity protection (main mode).

I am new to firewall and if there are any other troubleshooting methods I can use I would appreciate the advice. commands, gui anything

0 Likes Likes
5 REPLIES 5

ssharma
L5 Sessionator

‎04-16-2014 07:00 AM

Hi Infotech,

If firewall is just a pass through device for vpn connection, you will only see encrypted packets in the packet capture. This packet will also be one of them. From PA's perspective, you can verify if the firewall is dropping any packets from source and destination in question. If not, you will have to look for vpn end devices. If firewall is dropping packets, we can further look at the counters to see reason behind it. 

0 Likes Likes

infotech
L4 Transporter
In response to ssharma

‎04-16-2014 07:34 AM

Yes the VPN router just resides behind the firewall and goes through the firewall to a remote desitnation at a vendor location. The vendor say that the tunnel to our location are in an up/down state, and I am unable to ping,from command line on our server, their remote destination IP's.  I am not sure if the firewall is blocking packets going in or out for sure not sure the best tool in the PA or outside the PA to determine that.

0 Likes Likes

ssharma
L5 Sessionator
In response to infotech

‎04-16-2014 09:32 AM

Hi Infotech,

You can do packet capture on PAN for the source/destination ip of VPN end points and see if there are any drops from PAN. That should verify if you need to look into other device. Here is a link to do pcap on PAN :

https://live.paloaltonetworks.com/docs/DOC-3265

Hope that helps.

infotech
L4 Transporter
In response to ssharma

‎04-16-2014 10:23 AM

Thanks those were excellent step by step instructions on doing a packet capture, so now how do I interpret the information so I know what the issue is and how to fix it

0 Likes Likes

ssharma
L5 Sessionator
In response to infotech

‎04-16-2014 12:37 PM

Now, if you capture the traffic between the vpn end points (source and destination) on PAN and if you see any drops, that could be of concern and we have to see why PAN is dropping the packets. If we do not see any drops, then you can look for other device that might be causing the issue.

0 Likes Likes
  • 2860 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks