How can I debug VPN connections on a Cisco ASA?

whiteford · ‎04-03-2008

Hi,

I have a Cisco ASA and I am trying to get a Cisco 877 DSL router connected to it using the ASDM VPN wizard, but can't.

I have just had the 877 DSL router connect to my Cisco Concentrator and have simlpy changed the peer address on the router to now point to the ASA's external IP instead of the Concentrator. The Concentrator is good because I like it's real-time event viewer and it can tell me if the Concentrator is even seeing the connection attempt, but how can I dall this on the ASA?

Thanks

srue · ‎04-03-2008

debug crypto isakmp

debug crypto ipsec

whiteford · ‎04-04-2008

Can I do anything through the ASDM?

Plus how do I undebug those commands?

phillipediab · ‎04-10-2008

you can enable logging debug to the asdm and see the loggin messages on the asdm console. "un all" should stop the debug

phillipediab · ‎04-10-2008

you can enable logging debug to the asdm and see the loggin messages on the asdm console. "un all" should stop the debug

phillipediab · ‎04-10-2008

you can enable logging debug to the asdm and see the loggin messages on the asdm console. "un all" should stop the debug

whiteford · ‎04-11-2008

Thanks, what's the best way to show the VPN's up via CLI?

srue · ‎04-11-2008

show isa sa

- that will show the status of phase 1

show cry ipsec sa

- that will show the status of phase 2, as well as number of encrypted/decrypted packets

phillipediab · ‎04-11-2008

this command also help

show vpn-sessiondb detail l2l