3030 Concentrator Site to Site

Jul 22nd, 2008

Trying to set up L2L VPN. Once the L2L is enabled, does it attempt to connect immediately? Also, how can I view the logs to see what is successful/failing on this or any other VPN connection?


Thank you.

michael.leblanc Tue, 07/22/2008 - 15:54

You need to generate traffic requiring crypto protection (defined by your crypto ACL) in order to initiate the negotiation of an ISAKMP SA, which will establish a secure channel through which IPSec SAs will be negotiated.



Don't have access to a 3030 Concentrator, but on an IOS system you'd check status with:


show crypto isakmp sa detail

show crypto ipsec sa detail



Perhaps, log crypto sessions in syslog with:


crypto logging session



... and perhaps:


deny ip any any log


... as the last ACE in interface ACLs to identify configuration errors, and the presence of traffic that violates security policy.
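
The following Python script is an added example, not part of the original reply. It reads syslog lines produced by a `deny ip any any log` ACE and separates denied IKE/ESP packets (an interface ACL blocking the tunnel itself, i.e. a configuration error) from other denied flows. The log lines are constructed and assume the IOS `%SEC-6-IPACCESSLOGP` / `%SEC-6-IPACCESSLOGNP` message layout; the ACL name and function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample syslog lines (documentation addresses), in the layout
# IOS is assumed to emit for ACEs that carry the "log" keyword.
SAMPLE_LOG = """\
Jul 22 15:01:10 rtr1 %SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied udp 203.0.113.7(500) -> 198.51.100.1(500), 1 packet
Jul 22 15:01:40 rtr1 %SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied udp 203.0.113.7(500) -> 198.51.100.1(500), 3 packets
Jul 22 15:02:05 rtr1 %SEC-6-IPACCESSLOGNP: list OUTSIDE-IN denied 50 203.0.113.7 -> 198.51.100.1, 2 packets
Jul 22 15:03:12 rtr1 %SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied tcp 192.0.2.44(40122) -> 198.51.100.1(23), 1 packet
Jul 22 15:03:30 rtr1 %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

# Ports are present for tcp/udp (IPACCESSLOGP) and absent for other
# IP protocols (IPACCESSLOGNP), so both port groups are optional.
DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?:P|NP): list (?P<acl>\S+) denied (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?, (?P<count>\d+) packets?"
)

def is_vpn_traffic(proto, dport):
    """IKE (udp/500), NAT-T (udp/4500) or ESP (IP protocol 50)."""
    return (proto == "udp" and dport in ("500", "4500")) or proto in ("50", "esp")

def summarize_denies(log_text):
    """Return (vpn_blocked, other_denied) packet counters keyed by flow."""
    vpn, other = Counter(), Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # not an ACL deny message
        flow = (m["acl"], m["proto"], m["src"], m["dst"], m["dport"])
        bucket = vpn if is_vpn_traffic(m["proto"], m["dport"]) else other
        bucket[flow] += int(m["count"])
    return vpn, other

if __name__ == "__main__":
    vpn, other = summarize_denies(SAMPLE_LOG)
    for flow, n in vpn.items():
        print("ACL is dropping tunnel traffic (config error?):", flow, n)
    for flow, n in other.items():
        print("Denied by policy:", flow, n)
```
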


srue Tue, 07/22/2008 - 17:48

Like any other VPN, you need to pass data through it for the VPN to attempt to establish.

To monitor VPN sessions:

Monitor --> sessions

To view logs:

Monitor --> filterable event log
