07-22-2008 09:40 AM - edited 03-09-2019 09:08 PM
Trying to setup L2L VPN. Once the L2L is enabled, does it attempt to connect immediately? Also, how can I view the logs to see what is successful/failing on this or any other VPN connection.
Thank you.
07-22-2008 03:54 PM
You need to generate traffic requiring crypto protection (defined by your crypto ACL) in order to initiate the negotiation of an ISAKMP SA, which will establish a secure channel through which IPSec SAs will be negotiated.
Don't have access to a 3030 Concentrator, but on an IOS system you'd check status with:
show crypto isakmp sa detail
show crypto ipsec sa detail
Perhaps, log crypto sessions in syslog with:
crypto logging session
... and perhaps:
deny ip any any log
... as the last ACE in interface ACLs to identify configuration errors, and the presence of traffic that violates security policy.
07-22-2008 05:48 PM
like any other vpn, you need to pass data through it for hte vpn to attempt to establish.
to monitor vpn sessions:
Monitor --> sessions
to view logs:
Monitor --> filterable event log
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: