Thursday, 22 November 2012

trouble shooting cisco remote access vpn

These are just general trouble shooting steps, I will attempt to update later with commands.
  • Usually the first step is to try to identify what changed last.
  • Check the client side and the firewall side for changes.
  • Remember there could be a 3rd party inbetween you and the client.
  • Remember its possible that nothing has changed, you could have encountered a bug.

Once the usual items are out of the way
  • Get the clients public IP by sending them to a whatsmyip site.
  • Get the client to send you their pcf file, confirm all settings are correct.
  • Configure the cisco VPN client for logging.
  • Configure the firewall to display logs.
  • Attempt to connect the VPN, check the log on both sides to identify the issue.
  • You may need to run a capture of the outside interface on the firewall also.
  • If you still can't find the cause engage Cisco support if available.
  • You may need to reload the firewall or failover to the standby fw if once exists.

Its possible to install diagnostic files into cisco anyconnect
Posted by at No comments:
Labels: , ,

Tuesday, 6 November 2012

find what port an ip is connected to on your cisco device

1 - ping your broadcast address so it will be in the arp table
ping  192.168.1.255

2 - Display the arp table, get the mac address
show arp | i 192.168.1.100

3 - search the mac address table for the mac address, this will tell you what port its connected to
sh mac address-table | i aaaa.bbbb.cccc

other commands that can help:
show cdp neighbors detail (only works with all cisco devices and if its enabled)
sh ip device tracking interface gigabitEthernet <Interface> (only works if enabled)
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)