Cannot see incoming ESP packets with a packet capture.

Forum|Forum|5 years ago
March 18, 2021
1 reply
8114 views

Hi, I am not able to see any incoming ESP packet when running a packet capture in FortiGate. The tunnel is UP and running, everything is working find, but if I check the traffic, I just can see outgoing ESP packets but not incoming ones. I have a lot of FortiGates devices and same happens in all of them. Am I missing something? Thanks?

emnoc

New Member

Yes, are you specifying the right interface ? If you do the following

diag sniffer packet any "src host x.x.x.x and proto 50" where x.x.x.x is the remote-gateway ?

And lastly confirm the exact remote-gw ipv4 address is correct.

Ken Felix

Toshi_Esumi

SuperUser

Or, are you sure it's not encapsulated in UDP 4500 because of NAT traversal? Just sniff everything against the remote-gw IP first.

amoralesAuthor

New Member

I have found the reason, it was due to acceleration. After disabling the acceleration in the phase1-Interface, I can see now traffic flowing in both directions.

config vpn ipsec phase1/phase1-interface edit "vpn_name" set npu-offload enable/disable next end

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded