When I run a capture on the outside ASA interface, I don't see the https requests come in at all!
When I ping the ASA from the Test-PC, I see the icmp echo request packets on the ASA interface, so routing is correct. I tried hitting "http://ASA IP" instead of "https://ASA IP" and I even see those packets. But I don't see the https packets at all :/

This is a sample trace. I tried echo-request first, then plain http, then https (webvpn).

8.9.2.100 -> TEST PC, 8.9.2.20 -> ASA2 (WEBVPN server)

09:10:06.655559 8.9.2.10 > 224.0.0.5: ip-proto-89, length 52
2: 09:10:08.197514 8.9.2.2 > 224.0.0.5: ip-proto-89, length 64
3: 09:10:10.376552 8.9.2.20 > 224.0.0.5: ip-proto-89, length 52
4: 09:10:16.655956 8.9.2.10 > 224.0.0.5: ip-proto-89, length 52
5: 09:10:17.100779 arp who-has 8.9.2.20 tell 8.9.2.100
6: 09:10:17.101068 arp reply 8.9.2.20 is-at 0:23:4:4b:75:e6
7: 09:10:17.102030 8.9.2.100 > 8.9.2.20: icmp: echo request
8: 09:10:17.102457 8.9.2.20 > 8.9.2.100: icmp: echo reply
9: 09:10:17.777929 8.9.2.2 > 224.0.0.5: ip-proto-89, length 64
10: 09:10:18.096873 8.9.2.100 > 8.9.2.20: icmp: echo request
11: 09:10:18.097346 8.9.2.20 > 8.9.2.100: icmp: echo reply
12: 09:10:19.096949 8.9.2.100 > 8.9.2.20: icmp: echo request
13: 09:10:19.097437 8.9.2.20 > 8.9.2.100: icmp: echo reply
14: 09:10:20.376552 8.9.2.20 > 224.0.0.5: ip-proto-89, length 52
15: 09:10:26.656353 8.9.2.10 > 224.0.0.5: ip-proto-89, length 52
16: 09:10:27.014373 8.9.2.2 > 224.0.0.5: ip-proto-89, length 64
17: 09:10:30.376552 8.9.2.20 > 224.0.0.5: ip-proto-89, length 52
18: 09:10:36.418786 8.9.2.2 > 224.0.0.5: ip-proto-89, length 64
19: 09:10:36.656719 8.9.2.10 > 224.0.0.5: ip-proto-89, length 52
20: 09:10:37.694589 169.254.3.1.137 > 169.254.3.255.137: udp 50
21: 09:10:38.323988 8.9.2.100.1213 > 8.9.2.20.80: S 1956516487:1956516487(0) win 65535 <mss 1260,nop,nop,sackOK>
22: 09:10:38.444480 169.254.3.1.137 > 169.254.3.255.137: udp 50
23: 09:10:39.194600 169.254.3.1.137 > 169.254.3.255.137: udp 50
24: 09:10:40.376536 8.9.2.20 > 224.0.0.5: ip-proto-89, length 52
25: 09:10:41.348370 8.9.2.100.1213 > 8.9.2.20.80: S 1956516487:1956516487(0) win 65535 <mss 1260,nop,nop,sackOK>
26: 09:10:45.731193 8.9.2.2 > 224.0.0.5: ip-proto-89, length 64
27: 09:10:46.657116 8.9.2.10 > 224.0.0.5: ip-proto-89, length 52
28: 09:10:50.376536 8.9.2.20 > 224.0.0.5: ip-proto-89, length 52
29: 09:10:54.755560 8.9.2.2 > 224.0.0.5: ip-proto-89, length 64
30: 09:10:56.657512 8.9.2.10 > 224.0.0.5: ip-proto-89, length 52
31: 09:11:00.376536 8.9.2.20 > 224.0.0.5: ip-proto-89, length 52
32: 09:11:04.091990 8.9.2.2 > 224.0.0.5: ip-proto-89, length 64
33: 09:11:06.657909 8.9.2.10 > 224.0.0.5: ip-proto-89, length 52
34: 09:11:10.376536 8.9.2.20 > 224.0.0.5: ip-proto-89, length 52
35: 09:11:13.501606 169.254.3.1.137 > 169.254.3.255.137: udp 50
36: 09:11:13.552385 8.9.2.2 > 224.0.0.5: ip-proto-89, length 64
37: 09:11:14.251238 169.254.3.1.137 > 169.254.3.255.137: udp 50
38: 09:11:15.001296 169.254.3.1.137 > 169.254.3.255.137: udp 50
39: 09:11:16.658291 8.9.2.10 > 224.0.0.5: ip-proto-89, length 52
40: 09:11:20.376536 8.9.2.20 > 224.0.0.5: ip-proto-89, length 52
41: 09:11:22.600783 8.9.2.2 > 224.0.0.5: ip-proto-89, length 64

Cheers,
TacACK
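An added example, not part of the original post: a short Python script that tallies TCP SYNs per destination port from capture text in the format shown above, so a long trace can be checked for which ports actually received connection attempts and whether any were answered. The sample input is five lines copied from the posted trace; the function names and the list of expected ports are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: lines 7, 20, 21, 24 and 25 copied from the trace in the post.
SAMPLE = """\
7: 09:10:17.102030 8.9.2.100 > 8.9.2.20: icmp: echo request
20: 09:10:37.694589 169.254.3.1.137 > 169.254.3.255.137: udp 50
21: 09:10:38.323988 8.9.2.100.1213 > 8.9.2.20.80: S 1956516487:1956516487(0) win 65535 <mss 1260,nop,nop,sackOK>
24: 09:10:40.376536 8.9.2.20 > 224.0.0.5: ip-proto-89, length 52
25: 09:10:41.348370 8.9.2.100.1213 > 8.9.2.20.80: S 1956516487:1956516487(0) win 65535 <mss 1260,nop,nop,sackOK>
"""

# TCP lines only: "<n>: <time> <ip>.<sport> > <ip>.<dport>: <flags> <seq>:..."
TCP_RE = re.compile(r"^\s*(?:\d+:\s+)?\S+\s+(\d+(?:\.\d+){3})\.(\d+) > "
                    r"(\d+(?:\.\d+){3})\.(\d+): ([SFRP.]+) (\d+):")

def summarize_syns(text, server):
    """Per TCP port on `server`: SYNs received, distinct attempts, SYN-ACK sent."""
    ports = defaultdict(lambda: {"syns": 0, "seqs": set(), "answered": False})
    for line in text.splitlines():
        m = TCP_RE.match(line)
        if not m or "S" not in m.group(5):
            continue
        src, sport, dst, dport, _flags, seq = m.groups()
        synack = " ack " in line  # a SYN-ACK prints "S <seq>:<seq>(0) ack <n>"
        if dst == server and not synack:
            ports[int(dport)]["syns"] += 1
            ports[int(dport)]["seqs"].add((src, sport, seq))
        elif src == server and synack:
            ports[int(sport)]["answered"] = True
    return dict(ports)

def report(text, server, expected_ports):
    """Status string for each port the tester expected to see traffic on."""
    seen, out = summarize_syns(text, server), {}
    for port in expected_ports:
        s = seen.get(port)
        if not s or s["syns"] == 0:
            out[port] = "no SYN captured"
        elif s["answered"]:
            out[port] = "SYN answered"
        else:
            retrans = s["syns"] - len(s["seqs"])
            out[port] = f"{s['syns']} SYN, {retrans} retransmitted, no SYN-ACK captured"
    return out

if __name__ == "__main__":
    for port, status in report(SAMPLE, "8.9.2.20", [80, 443]).items():
        print(port, status)
```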
