VPN trace route

Discussion in 'Cisco' started by supernet, Jan 25, 2004.

  1. supernet

    supernet Guest

    I have an IPSec VPN between 2 Cisco 3620 routers across the Internet. The VPN
    seems to be working fine; when I do show crypto ipsec sa, I can see data
    encrypted and decrypted. One thing that bothers me is that I thought I was not
    able to trace route across the Internet since the data were encrypted in the
    VPN tunnel. But when I did trace route, I could see every hop the traffic
    flowed. Am I supposed to trace route? Or is there something wrong with my
    configuration?


    Thanks.

    Yoshi
     
    supernet, Jan 25, 2004
    #1

  2. You probably forgot to specify source-address when doing the traceroute
    (source address = your tunnel ip). Try the trace command in privileged
    mode to specify src-ip.
     
    Bjørn Djupvik, Jan 25, 2004
    #2

  3. supernet

    supernet Guest

    Actually, I did trace route from inside LAN, not on the VPN router...
     
    supernet, Jan 25, 2004
    #3
  4. If you are pinging the remote VPN router's outside interface and you have
    a split tunnel this is normal. But if you are tracing to the remote LAN
    then I would suggest that something in your configuration is amiss.

    Regards,

    Scott.
    \|/
    (o o)
    ---------------------oOOO--(_)--OOOo----------------------
    Out the 100Base-T, off the firewall, through the router, down
    the T1, over the leased line, off the bridge, nothing but Net.
    (Use ROT13 to see my email address)
    .oooO Oooo.
    ----------------------( )---( )-----------------------
    \ ( ) /
    \_) (_/
     
    Scott Enwright, Jan 26, 2004
    #4
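
The split-tunnel distinction in post #4, as an added example that is not part of the original thread: a crypto ACL selects which source/destination pairs are sent through IPsec, and anything that does not match is routed in the clear, so a traceroute to it shows every Internet hop. The ACL line, the LAN subnets, the 203.0.113.2 outside address and all function names are constructed assumptions, not the poster's configuration.

```python
import ipaddress

# Constructed crypto ACL (assumed addressing, not from the thread):
# site A LAN 192.168.1.0/24, site B LAN 192.168.2.0/24.
CRYPTO_ACL = """
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
"""

def _matches(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_acl(text):
    """Return (action, src, src_wc, dst, dst_wc) for each 'ip' ACL line."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] == "access-list" and f[3] == "ip":
            entries.append((f[2], f[4], f[5], f[6], f[7]))
    return entries

def is_protected(src, dst, entries):
    """True if the first matching entry is a permit, i.e. the packet is
    selected for IPsec. No match is an implicit deny: sent in the clear."""
    for action, s, swc, d, dwc in entries:
        if _matches(src, s, swc) and _matches(dst, d, dwc):
            return action == "permit"
    return False

def explain_trace(src, dst, entries):
    """Describe what a traceroute from src to dst is expected to show."""
    if is_protected(src, dst, entries):
        return "tunnelled: Internet hops should be hidden"
    return "clear: every Internet hop is visible"

if __name__ == "__main__":
    acl = parse_acl(CRYPTO_ACL)
    lan_host = "192.168.1.10"  # constructed host on the local LAN
    # First target: host on the remote LAN. Second: remote router's
    # outside interface (constructed documentation address).
    for target in ("192.168.2.10", "203.0.113.2"):
        print(target, "->", explain_trace(lan_host, target, acl))
```

If a trace to a remote-LAN address still lists Internet hops, the traffic is not matching the crypto ACL and is leaving unencrypted.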