Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5061
Views
8
Helpful
4
Replies

Easy VPN debugging ?

Go to solution
godzilla0
Level 1
Level 1

‎07-17-2008 03:28 AM

Hi we are experiencing problems with a customer who is connecting to our Cisco 2800 via EasyVPN. I would like to know the exactly effective right way to debug and troubleshoot and EasyVPN tunnel. Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
5220
Level 4
Level 4
In response to godzilla0

‎07-17-2008 07:58 AM

No, you cannot filter the debug.

However, if you have problems with only 1 connection, only this one should be in the debug.

The working VPNs will give little or no debug messages (only at rekey or termination).

Please rate if this helped.

Regards,

Daniel

View solution in original post

0 Helpful
4 Replies 4

Go to solution
5220
Level 4
Level 4

‎07-17-2008 06:01 AM

Hi,

terminal monitor

debug crypto isakmp

debug crypto ipsec

sh crypto isakmp sa

sh crypto ipsec sa

If you are using AAA servers for authentication:

debug aaa events

debug aaa authentication

debug aaa packets

Please rate if this helped.

Regards,

Daniel

Go to solution
godzilla0
Level 1
Level 1
In response to 5220

‎07-17-2008 06:32 AM

Is there a way to debug only 1 connection and not to search on all the dump produced by more than 10 tunnels ? Thanks.

0 Helpful

Go to solution
5220
Level 4
Level 4
In response to godzilla0

‎07-17-2008 07:58 AM

No, you cannot filter the debug.

However, if you have problems with only 1 connection, only this one should be in the debug.

The working VPNs will give little or no debug messages (only at rekey or termination).

Please rate if this helped.

Regards,

Daniel

0 Helpful

Go to solution
mbrowneminence
Level 1
Level 1
In response to 5220

‎10-23-2015 05:08 AM

Just came across this on the googles.

 

To note, debug filtering is possible...

Given:

username EZVPNUSERSNAME password XXXXXXXXXXX encrypted privilege 0
username EZVPNUSERSNAME attributes
 vpn-group-policy APPLICABLEPOLICY

 

To enable debugging try:

debug crypto condition user EZVPNUSERSNAME
terminal monitor

conf t
no logging monitor debugging
exit
debug crypto isakmp 240
debug crypto ipsec 240
debug crypto ikev1 240
debug crypto engine 240
sh crypto debug-condition

To stop:

 

debug crypto condition reset
terminal no monitor
undebug all
sh crypto debug-condition
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents