debug crypto isakmp on ASA

Unanswered Question
Dec 11th, 2007
User Badges:


I have an ASA and would like to see why my ipsec tunnel is not coming up.

I enable logging. and then type in "debug crypto isakmp", but see nothing, in old pix could, it was so easy to troubleshoot but with 7.x code is there a good command to see debug output?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
husycisco Tue, 12/11/2007 - 11:31
User Badges:
  • Gold, 750 points or more

Hi Navin


debug crypto isakmp 50

Also using syslogs is really useful. You know ASDM has one built-in. Set the loggig level to notifications


JORGE RODRIGUEZ Tue, 12/11/2007 - 11:37
User Badges:
  • Green, 3000 points or more

if doing the debug from telnet session you need to enable terminal monitor, try this.

ciscoasa#terminal monitor

then use your debug , to disable it issue terminal no monitor


Jorge Fri, 12/14/2007 - 12:34
User Badges:

Quick trick, since debug can run away on you making it hard to enter commands. do this enter the NO version of the command first then enter the command like.

no debug crypto isa

debug crypto isa

that way if it takes off all you do is hit up arrow once and return to end the command.


This Discussion