Azure VPN packet capture

Janne Kujanpää 236 Reputation points
2022-02-10T12:07:13.727+00:00

The documentation states the following about VPN gateway/connection packet capture:

You can capture one-way or bi-directional traffic, IKE and ESP traffic, and inner packets along with filtering on a VPN gateway.

and

It's helpful to use a five-tuple filter (source subnet, destination subnet, source port, destination port, protocol) and TCP flags (SYN, ACK, FIN, URG, PSH, RST) when you're isolating problems in high-volume traffic.

I've tried multiple settings and all the packets I'm getting are encapsulated with ESP or IKE packets. What kind of settings should be used to capture S2S tunnel payload without ESP?

If that's not possible, where can I fetch the encryption key and authentication key to decrypt the ESP encapsulation, and what is the format of the keys in the given data source?


Accepted answer
  1. ChaitanyaNaykodi-MSFT 26,201 Reputation points Microsoft Employee
    2022-02-10T17:27:01.467+00:00

    Hello @Janne Kujanpää, as I understood from the question, you have set up packet capture for your VPN gateway, and all the packets captured are encrypted.

    Probable Cause:
    This issue usually arises when the filter is not set to capture both inner/outer packets on the VPN Gateway packet capture.

    Proposed solution:
    You can follow this documentation to try and set the filter to "CaptureSingleDirectionTrafficOnly": false so that both inner and outer packets are captured.

    Hope this helps! Please let me know if this solution worked for you or not so that I can add a note to the VPN gateway documentation regarding the same. Thanks!

    1 person found this answer helpful.
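A quick way to confirm that a capture taken after the filter change really contains inner packets, as an added example that is not part of the original answers: it counts ESP, IKE and other (inner) IPv4 packets in a capture file. It assumes the downloaded capture is a classic pcap file with Ethernet or raw-IP link type; the function names and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

def classify(ip):
    """Label one IPv4 packet: 'esp', 'ike', or 'inner' (anything else)."""
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    if proto == 50:                                   # native ESP
        return "esp"
    if proto == 17 and len(ip) >= ihl + 8:            # UDP
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        if 500 in (sport, dport):
            return "ike"
        if 4500 in (sport, dport):
            # RFC 3948: IKE on 4500 starts with a 4-byte zero non-ESP marker
            return "ike" if ip[ihl + 8:ihl + 12] == b"\0" * 4 else "esp"
    return "inner"

def summarize(pcap):
    """Count packet classes in a classic pcap (assumed capture format)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype not in (1, 101):                      # Ethernet, raw IP
        raise ValueError("unsupported link type %d" % linktype)
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):                      # 16-byte record header
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if linktype == 1:                             # strip Ethernet header
            pkt = pkt[14:] if pkt[12:14] == b"\x08\x00" else b""
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            counts["other"] += 1
        else:
            counts[classify(pkt)] += 1
    return counts

# --- constructed sample capture (not real gateway output) ---
def ip_pkt(proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x01\x01") + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def make_pcap(packets, linktype=101):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in packets)

SPI = b"\x00\x00\x10\x01" + b"\0" * 12                # fake ESP header + data
SAMPLE = make_pcap([ip_pkt(50, SPI), ip_pkt(17, udp(4500, 4500, SPI)),
                    ip_pkt(17, udp(500, 500, b"\x01" * 28)),
                    ip_pkt(17, udp(4500, 4500, b"\0" * 4 + b"\x01" * 28)),
                    ip_pkt(6, b"\0" * 20)])           # cleartext inner TCP
```

A result with only `esp` and `ike` counts and no `inner` entry matches the symptom described in the question.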

1 additional answer

  1. Jim McLean 0 Reputation points
    2024-07-10T18:38:00.49+00:00

    @ChaitanyaNaykodi-MSFT this issue hasn't been addressed. It took me a few hours to find this post to be able to figure out how to get the 'inner packets' included in my VPN Gateway packet capture. The portal doesn't seem to allow these options (even though there are input buttons for it) and the docs don't provide this 'capture everything' example.
