×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Easy VPN debugging ?

Answered Question
Jul 17th, 2008
User Badges:

Hi we are experiencing problems with a customer who is connecting to our Cisco 2800 via EasyVPN. I would like to know the exactly effective right way to debug and troubleshoot and EasyVPN tunnel. Thank you.

Correct Answer by Daniel Voicu about 9 years 1 month ago

No, you cannot filter the debug.

However, if you have problems with only 1 connection, only this one should be in the debug.

The working VPNs will give little or no debug messages (only at rekey or termination).


Please rate if this helped.


Regards,

Daniel

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (3 ratings)
Loading.
Daniel Voicu Thu, 07/17/2008 - 06:01
User Badges:
  • Silver, 250 points or more

Hi,


terminal monitor

debug crypto isakmp

debug crypto ipsec


sh crypto isakmp sa

sh crypto ipsec sa


If you are using AAA servers for authentication:


debug aaa events

debug aaa authentication

debug aaa packets


Please rate if this helped.


Regards,

Daniel

godzilla0 Thu, 07/17/2008 - 06:32
User Badges:

Is there a way to debug only 1 connection and not to search on all the dump produced by more than 10 tunnels ? Thanks.

Correct Answer
Daniel Voicu Thu, 07/17/2008 - 07:58
User Badges:
  • Silver, 250 points or more

No, you cannot filter the debug.

However, if you have problems with only 1 connection, only this one should be in the debug.

The working VPNs will give little or no debug messages (only at rekey or termination).


Please rate if this helped.


Regards,

Daniel

mbrowneminence Fri, 10/23/2015 - 05:08
User Badges:

Just came across this on the googles.

 

To note, debug filtering is possible...

Given:

username EZVPNUSERSNAME password XXXXXXXXXXX encrypted privilege 0
username EZVPNUSERSNAME attributes
 vpn-group-policy APPLICABLEPOLICY

 

To enable debugging try:

debug crypto condition user EZVPNUSERSNAME
terminal monitor

conf t
no logging monitor debugging
exit
debug crypto isakmp 240
debug crypto ipsec 240
debug crypto ikev1 240
debug crypto engine 240
sh crypto debug-condition

To stop:

 

debug crypto condition reset
terminal no monitor
undebug all
sh crypto debug-condition

Actions

This Discussion