I'm looking for a way to see traffic that is being dumped on a PIX VPN connection. I have Syslog set up to log all incoming packets and denies and that is working, though it does not seem to be logging the packets that the VPN does not care about.
I have a VPN between 2 PIXes and both sides have other subnets behind them.
10.1.x.y PIX Internet PIX
10.2 can see everything
10.6 can only see 10.2
10.1 can see 10.2, 10.3
10.3 can see 10.2, 10.1
Can I set up a capture or something in the Syslog to help me figure out where my issue in my Config is?
You have many cookbooks regarding VPN scenarios on Cisco.com.
You can see dropped packets with "sh log | inc ..." and open connections with show conn, so try to troubleshoot your connection. Also check your routing and the ACL which defines which traffic should be encrypted, and which traffic should be involved in NAT (if you have one).
From each site I have ACLs in the format:
PIX H
access-list extended permit ip object-group NETWORK-HBG-VPN object-group NETWORK-SF-VPN
access-list extended permit ip object-group NETWORK-HBG-VPN object-group NETWORK-OLIVET-VPN
PIX S
access-list extended permit ip object-group NETWORK-SF-VPN object-group NETWORK-HBG-VPN
access-list extended permit ip object-group NETWORK-SF-VPN object-group NETWORK-OLIVET-VPN
I think I need to be a member of the Hair Club for Men. I don't have much left.
Thanks, Scott
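An added example, not part of the thread or of any poster's configuration: a small Python check that the ACL entries on two peers mirror each other (source and destination swapped), which is one way to carry out the ACL check suggested above. It assumes the quoted entries are the ACLs that select traffic for encryption on the same tunnel; `VPN-ACL` is a placeholder name because the thread omits the real ACL names.

```python
import re

# Constructed sample input: the entries quoted in the thread, with the
# placeholder ACL name VPN-ACL (the real names are not given on the page).
PIX_H = """
access-list VPN-ACL extended permit ip object-group NETWORK-HBG-VPN object-group NETWORK-SF-VPN
access-list VPN-ACL extended permit ip object-group NETWORK-HBG-VPN object-group NETWORK-OLIVET-VPN
"""
PIX_S = """
access-list VPN-ACL extended permit ip object-group NETWORK-SF-VPN object-group NETWORK-HBG-VPN
access-list VPN-ACL extended permit ip object-group NETWORK-SF-VPN object-group NETWORK-OLIVET-VPN
"""

# Matches "permit ip object-group SRC object-group DST" entries; the ACL
# name is optional so lines pasted without it (as in the thread) still parse.
ENTRY = re.compile(
    r"^access-list\s+(?:(?!extended\s)\S+\s+)?extended\s+permit\s+ip\s+"
    r"object-group\s+(\S+)\s+object-group\s+(\S+)\s*$"
)


def parse_pairs(config):
    """Return the set of (source, destination) object-group pairs."""
    pairs = set()
    for line in config.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            pairs.add((match.group(1), match.group(2)))
    return pairs


def unmirrored(local, remote):
    """Entries in `local` with no (destination, source) twin in `remote`."""
    return sorted((s, d) for (s, d) in local if (d, s) not in remote)


def report(name_a, cfg_a, name_b, cfg_b):
    """Map each peer name to its entries that the other peer does not mirror."""
    a, b = parse_pairs(cfg_a), parse_pairs(cfg_b)
    return {name_a: unmirrored(a, b), name_b: unmirrored(b, a)}


if __name__ == "__main__":
    for peer, entries in report("PIX H", PIX_H, "PIX S", PIX_S).items():
        for src, dst in entries:
            print(f"{peer}: {src} -> {dst} has no mirrored entry on the other peer")
```

An entry reported here is not necessarily wrong; it marks traffic that one peer selects for the tunnel while the other listing has no matching reverse entry, so it is the place to compare against routing and NAT exemption next.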