Always Networks Blog - Troubleshooting

Why am I seeing packets on my server that aren't for this server?

While troubleshooting a totally unrelated issue, one of my colleagues noticed that they were seeing packets in a tcpdump that were neither destined for nor sourced from the server. This is odd, when plugged into a switch, so we started digging.

Server 1, was sending a stream of packets to Server 2 - in a different subnet somewhere. Sometimes, although rarely, these packets could be seen …

Read whole post...

CCIE Written Blueprint: 1.3.a Use IOS troubleshooting tools

1.3.a Use IOS troubleshooting tools

1.3.a (i) debug, conditional debug

Debugs can be used on a wide range of functions (debug ?). Some debugs can be very noisy. Debug conditions can be set to filter out some of the noise – for example debug condition interface fa0/0 will limit the debug information to things using that interface. Undebug all does not remove …

Read whole post...

Checkpoint VPN Error: According to the policy the packet should not have been decrypted

Magnifying Glass

I encountered an issue recently while trying to allow access to a new subnet over an existing VPN. The far end device was a Cisco router, and had an access list matching an entire class A subnet which was applied to the crypto map. The traffic destined for the new subnet was arriving at our firewall, and showing in the logs as dropped, with the …

Read whole post...