Why not just look at the IPSec SA for encaps/decaps packets? Just ensure that the correct SA has incrementing counters when you send traffic.
Hope this helps! Aaron T. Rohyans Senior Network Engineer CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER DPSciences Corporation 7400 N. Shadeland Ave., Suite 245 Indianapolis, IN 46250 Office: (317) 348-0099 Fax: (317) 849-7134 [email protected] http://www.dpsciences.com/ -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Simon Baumann Sent: Saturday, May 09, 2009 9:51 AM To: [email protected] Subject: [OSL | CCIE_Security] Verifying DMVPN traffic path. Hi, I modified Lab7B running OSPF instead of running EIGRP. How could I verify that the traffic from R2 is sent to R5 without passing R6? Is a simple traceroute enough? My routing table shows that the subnet behind R5 is reachable via R6. That looks strange to me. Cheers Simon
