Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
368
Views
0
Helpful
2
Replies

Debugging VPN Concentrator

amk_gremlin
Level 1
Level 1

‎11-26-2007 08:48 AM - edited ‎02-21-2020 03:23 PM

Hi all,

I have a 7206VXR which serves as a VPN concentrator. In fact, there are several dozens of VPNs defined on this machine. For some reason, a recently defined VPN doesn't reach the QM_IDLE state (it stops at MM_NO_STATE). Obviously, it doesn't work.

Every VPN is placed into different VRF so there is no connection among the tunnels. But it seems that the "debug crypto isakamp" command doesn't have any extension regarding VRFs or debugging a particular gateway. So running the "crypto isakamp" debug isn't quite helpful. The problem is that it gives every piece of information it can regarding all gateways and does not separate between them. So all I have it's a huge mess of a debug output.

How can I restrict the "crypto isakamp" debug to a particular gateway / VRF?

Alex.

Labels:
0 Helpful
2 Replies 2

Collin Clark
VIP Alumni
VIP Alumni

‎11-26-2007 11:13 AM

Alex-

You can use an ACL for filtering debug. Here' a link. http://articles.techrepublic.com.com/5100-1035-5917591.html

HTH and please rate.

0 Helpful

amk_gremlin
Level 1
Level 1

‎11-26-2007 04:02 PM

Thank you guys,

I've found the answer:

Crypto Conditional Debug Support - http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a7586.html

Alex.

0 Helpful
Customers Also Viewed These Support Documents