07-17-2008 03:28 AM
Hi we are experiencing problems with a customer who is connecting to our Cisco 2800 via EasyVPN. I would like to know the exactly effective right way to debug and troubleshoot and EasyVPN tunnel. Thank you.
Solved! Go to Solution.
07-17-2008 07:58 AM
No, you cannot filter the debug.
However, if you have problems with only 1 connection, only this one should be in the debug.
The working VPNs will give little or no debug messages (only at rekey or termination).
Please rate if this helped.
Regards,
Daniel
07-17-2008 06:01 AM
Hi,
terminal monitor
debug crypto isakmp
debug crypto ipsec
sh crypto isakmp sa
sh crypto ipsec sa
If you are using AAA servers for authentication:
debug aaa events
debug aaa authentication
debug aaa packets
Please rate if this helped.
Regards,
Daniel
07-17-2008 06:32 AM
Is there a way to debug only 1 connection and not to search on all the dump produced by more than 10 tunnels ? Thanks.
07-17-2008 07:58 AM
No, you cannot filter the debug.
However, if you have problems with only 1 connection, only this one should be in the debug.
The working VPNs will give little or no debug messages (only at rekey or termination).
Please rate if this helped.
Regards,
Daniel
10-23-2015 05:08 AM
Just came across this on the googles.
To note, debug filtering is possible...
Given:
username EZVPNUSERSNAME password XXXXXXXXXXX encrypted privilege 0 username EZVPNUSERSNAME attributes vpn-group-policy APPLICABLEPOLICY
To enable debugging try:
debug crypto condition user EZVPNUSERSNAME terminal monitor conf t no logging monitor debugging exit debug crypto isakmp 240 debug crypto ipsec 240 debug crypto ikev1 240 debug crypto engine 240 sh crypto debug-condition
To stop:
debug crypto condition reset terminal no monitor undebug all sh crypto debug-condition
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: