11-26-2007 08:48 AM - edited 02-21-2020 03:23 PM
Hi all,
I have a 7206VXR which serves as a VPN concentrator. In fact, there are several dozens of VPNs defined on this machine. For some reason, a recently defined VPN doesn't reach the QM_IDLE state (it stops at MM_NO_STATE). Obviously, it doesn't work.
Every VPN is placed into different VRF so there is no connection among the tunnels. But it seems that the "debug crypto isakamp" command doesn't have any extension regarding VRFs or debugging a particular gateway. So running the "crypto isakamp" debug isn't quite helpful. The problem is that it gives every piece of information it can regarding all gateways and does not separate between them. So all I have it's a huge mess of a debug output.
How can I restrict the "crypto isakamp" debug to a particular gateway / VRF?
Alex.
11-26-2007 11:13 AM
Alex-
You can use an ACL for filtering debug. Here' a link. http://articles.techrepublic.com.com/5100-1035-5917591.html
HTH and please rate.
11-26-2007 04:02 PM
Thank you guys,
I've found the answer:
Crypto Conditional Debug Support - http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a7586.html
Alex.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide