This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Verifying Split Tunnel VPN


I have a site-to-site VPN tunnel with a Cisco ASA connected to an Adtran Netvanta. We think split tunneling is configured properly, but it would be nice to know for sure. Looking for guidance on how to confirm this using Wireshark...if possible. Any assistance would be greatly appreciated!

asked 08 Aug '12, 15:44


sotelbrad


One Answer:


Besides looking at the configuration (which I would prefer), you could capture traffic between the two VPN devices and check if there is any unencrypted traffic for networks that should be encrypted. In your setup, unencrypted means seeing any traffic for the "protected/internal" networks on the External side, as that means the traffic is not routed into the VPN tunnel.

Internal -- Cisco ASA ---- External ---- Netvanta --- Internal

Capture somewhere in the External Network. Please take a look at the Capture Setup to learn how to do that.

Then use this capture filter:

net 10.1.0.0/16 or net 192.168.1.0/24

Please replace the networks with whatever network should be encrypted (routed into the VPN tunnel).

Start Wireshark (with the capture filter) and then do some ping/tcp/udp tests to those networks. You should NOT see any traffic in Wireshark, if the VPN tunnel works properly.

Another option would be to capture on the ASA itself; however, that includes the risk of capturing traffic before it gets encrypted, if not done properly. I recommend capturing off box, to be really sure!

Yet another option would be the ASA packet tracer link#1 / link#2

Regards
Kurt

answered 08 Aug '12, 16:32


Kurt Knochner ♦

edited 08 Aug '12, 16:43
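The check Kurt describes (a capture on the External segment must show no cleartext packets for the protected networks, while ESP/IKE between the gateways and cleartext traffic to public destinations are expected under split tunneling) can be automated against a saved pcap. The script below is an added example, not code from the original answer or from Cisco/Adtran: it reads a classic pcap with only the standard library, classifies each IPv4 packet, and reports leaks. The protected networks, the gateway addresses (203.0.113.1 and 198.51.100.1) and the embedded sample capture are all assumptions constructed for the demonstration; replace the networks with the ones your tunnel should carry.

```python
"""Offline check of a capture taken on the External network between the
Cisco ASA and the Netvanta: flag cleartext packets for protected networks."""
import ipaddress
import struct
from collections import Counter

# Assumed protected networks (the ones that should be routed into the tunnel).
PROTECTED_NETS = [ipaddress.ip_network("10.1.0.0/16"),
                  ipaddress.ip_network("192.168.1.0/24")]
# Assumed (hypothetical) public addresses of the two VPN gateways.
ASA_OUTSIDE, NETVANTA_OUTSIDE = "203.0.113.1", "198.51.100.1"

# pcap magic as read with "<I": value -> struct byte-order prefix for the file.
PCAP_MAGIC = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">",   # microsecond timestamps
              0xA1B23C4D: "<", 0x4D3CB2A1: ">"}   # nanosecond variant


def ipv4_frame(src, dst, proto, payload=b""):
    """Build an Ethernet/IPv4 frame (checksum left zero; fine for a sample file)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip_hdr + payload


def build_pcap(frames):
    """Serialise frames as a little-endian pcap, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1344450000 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Yield raw Ethernet frames from pcap bytes, honouring the file byte order."""
    endian = PCAP_MAGIC.get(struct.unpack("<I", data[:4])[0])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected an Ethernet (linktype 1) capture")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def classify(frame):
    """Return (verdict, src, dst, proto) for one frame seen on the External side."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return ("non-ipv4", None, None, None)
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src, dst = ipaddress.IPv4Address(frame[26:30]), ipaddress.IPv4Address(frame[30:34])
    l4 = frame[14 + ihl:14 + ihl + 4]
    ports = struct.unpack("!HH", l4) if proto in (6, 17) and len(l4) == 4 else ()
    if any(src in net or dst in net for net in PROTECTED_NETS):
        # A protected address in the outer IP header means the packet bypassed the tunnel.
        return ("LEAK", str(src), str(dst), proto)
    if proto in (50, 51) or (proto == 17 and (500 in ports or 4500 in ports)):
        # ESP/AH, IKE or NAT-T between the gateways: the tunnel itself.
        return ("tunnel", str(src), str(dst), proto)
    # Cleartext to a non-protected destination: expected with split tunneling.
    return ("split", str(src), str(dst), proto)


def find_leaks(pcap_bytes):
    """All packets that expose a protected network in the clear."""
    return [c for c in map(classify, read_pcap(pcap_bytes)) if c[0] == "LEAK"]


def summarize(pcap_bytes):
    """Verdict counts for the whole capture."""
    return dict(Counter(classify(f)[0] for f in read_pcap(pcap_bytes)))


def sample_capture():
    """Constructed capture of what a sniffer on the External segment might see."""
    return build_pcap([
        ipv4_frame(ASA_OUTSIDE, NETVANTA_OUTSIDE, 50, b"\x00" * 40),          # ESP
        ipv4_frame(ASA_OUTSIDE, NETVANTA_OUTSIDE, 17,                         # NAT-T keepalive
                   struct.pack("!HHHH", 4500, 4500, 12, 0) + b"\xff" * 4),
        ipv4_frame(ASA_OUTSIDE, "93.184.216.34", 6,                           # NATed web browsing
                   struct.pack("!HH", 51000, 80) + b"\x00" * 16),
        ipv4_frame("10.1.0.5", "192.168.1.10", 1, b"\x08\x00\x00\x00\x00\x01\x00\x01"),  # leak
    ])


if __name__ == "__main__":
    print(summarize(sample_capture()))
    for verdict, src, dst, proto in find_leaks(sample_capture()):
        print(f"{verdict}: {src} -> {dst} proto {proto} seen in cleartext on the External side")
```

To use it on a real capture, save the off-box capture to a file (a capture filter of `net 10.1.0.0/16 or net 192.168.1.0/24`, as in the answer, already restricts it to candidate leaks) and feed the file's bytes to `find_leaks`; any non-empty result is traffic that the tunnel should have carried but did not.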

Brilliant! I used the packet capture in Cisco ASDM. It appears the split tunnel is working properly since traffic on the egress/outside interface is unencrypted when browsing a web page on the public internet. Thanks for the advice, Kurt!

(08 Aug '12, 21:16) sotelbrad