Use TCPdump to capture the live traffic by using the below command.

For LAN traffic

# tcpdump -nni eth0 host 192.168.0.2

Note: eth0 is LAN interface and 192.168.0.2 is server IP.

For WAN IPsec Traffic

# tcpdump -nni eth2 esp

Note: eth2 is WAN interface and ESP shows encrypted packet

tcpdump -nni eth1 port 500 or port 4500

eth1 - WAN Interface

tcpdump -nni any host 192.168.2.32 and 192.168.3.244

IPSec VPN Troubleshooting Decision Diagram

[IPSec VPN Troubleshooting Decision Diagram-CyberBruhArmy - https://cyberbruharmy.gumroad.com/ ](https://cyberbruharmy.notion.site/IPSec-VPN-Troubleshooting-Decision-Diagram-CyberBruhArmy-https-cyberbruharmy-gumroad-com-ae2f54ec43ea4c32a407d275cf0077a6)

Potential issues that can occur on IPSec site-to-site VPN