Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
293
Views
0
Helpful
2
Replies

3030 Concentrator Site to Site

nrhelpdesk
Level 1
Level 1

‎07-22-2008 09:40 AM - edited ‎03-09-2019 09:08 PM

Trying to setup L2L VPN. Once the L2L is enabled, does it attempt to connect immediately? Also, how can I view the logs to see what is successful/failing on this or any other VPN connection.

Thank you.

Labels:
0 Helpful
2 Replies 2

michael.leblanc
Level 4
Level 4

‎07-22-2008 03:54 PM

You need to generate traffic requiring crypto protection (defined by your crypto ACL) in order to initiate the negotiation of an ISAKMP SA, which will establish a secure channel through which IPSec SAs will be negotiated.

Don't have access to a 3030 Concentrator, but on an IOS system you'd check status with:

show crypto isakmp sa detail

show crypto ipsec sa detail

Perhaps, log crypto sessions in syslog with:

crypto logging session

... and perhaps:

deny ip any any log

... as the last ACE in interface ACLs to identify configuration errors, and the presence of traffic that violates security policy.

0 Helpful

srue
Level 7
Level 7
In response to michael.leblanc

‎07-22-2008 05:48 PM

like any other vpn, you need to pass data through it for hte vpn to attempt to establish.

to monitor vpn sessions:

Monitor --> sessions

to view logs:

Monitor --> filterable event log

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents