IPsec Troubleshooting on Cisco Firepower via FMC
Getting a proper IPsec tunnel up is an important task, and troubleshooting it is where most of the time goes. I won't cover setting up the IPsec tunnel on Firepower Threat Defense (FTD) itself; a separate guide covers that. The link is this.
Log in to FMC and go to Devices > Device Management, then open Troubleshooting for the device.
Click the Advanced Troubleshooting button.
FMC offers several troubleshooting tools on this page.
I have a lab built in EVE-NG for testing the IPsec tunnel, and I will run the tests there. The tunnel is set up between the Firepower and a Cisco router.
Click the Add Capture button.
I will send ping packets from 192.168.100.0/24 to 192.168.45.0/24 and take a capture on FMC while they are flowing.
The capture shows progress running, with zero packets captured so far.
After sending the pings we see the log below. FMC Capture w/Trace collects some information, but it is not useful for this problem: it records the firewall-level verdict (allow or deny from the access policy and NAT) and says nothing about the IPsec negotiation itself. Downloading the .pcap gives the full packet capture, which also does not help with IKE. What this section does tell you is whether the packet is being stopped by a firewall rule or not.
Now I changed the pre-shared key on the IPsec tunnel so that it no longer matches the router, to see how the log changes. There is no difference in the capture at all, so I need to look somewhere else.
It was right in front of me: this section is dedicated to VPN connection troubleshooting.
OK, we caught the error :) Detailed logs about the VPN connection, including the failed negotiation, can be read from this part.
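The GUI steps above (capture, firewall verdict, then the VPN-specific log) have CLI equivalents on the FTD itself, which are handy when you want IKE detail immediately instead of waiting for the FMC pages. The session below is an added example, not from the original post or from Cisco documentation; it assumes the FTD's interfaces are named inside and outside, test hosts 192.168.100.10 and 192.168.45.10 in the two lab subnets, and a router peer address of 203.0.113.2 (an assumption, substitute your own). The `!` lines are comments.

```console
! Added example, not from the original post. Assumed names: interfaces
! "inside" / "outside", hosts .10 in each subnet, peer 203.0.113.2.
> system support diagnostic-cli
firepower> enable
firepower#

! 1. The same view the FMC capture gave, from the CLI. ICMP seen on inside but
!    no ESP on outside means the packet never got encrypted.
firepower# capture capin interface inside match icmp 192.168.100.0 255.255.255.0 192.168.45.0 255.255.255.0
firepower# capture capout interface outside match esp any any
firepower# show capture capin
firepower# show capture capout

! 2. Firewall-level verdict for the flow, the equivalent of Capture w/Trace.
!    "Action: allow" here with a dead tunnel means the problem is not the access policy.
firepower# packet-tracer input inside icmp 192.168.100.10 8 0 192.168.45.10 detailed

! 3. IKE/IPsec state. Empty output while the policy allows the traffic points
!    at the negotiation, not at the rules. (IKEv1: show crypto isakmp sa)
firepower# show crypto ikev2 sa
firepower# show crypto ipsec sa peer 203.0.113.2
firepower# show vpn-sessiondb l2l

! 4. Catch the pre-shared-key mismatch: scope the debug to the one peer so the
!    console stays readable, then trigger the tunnel with a ping from 192.168.100.10.
!    With a wrong key the exchange stops at IKE_AUTH instead of installing an SA.
!    (IKEv1: debug crypto isakmp 127)
firepower# debug crypto condition peer 203.0.113.2
firepower# debug crypto ikev2 protocol 127
firepower# debug crypto ikev2 platform 127
! ... send the ping, read the debug output, then clean up:
firepower# undebug all
firepower# no capture capin
firepower# no capture capout
```

Always remove the captures and debugs when done; the packet captures consume memory on the FTD and unconditioned crypto debugs on a busy box can flood the console.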
Thanks for reading.