09-09-2009 07:27 AM - edited 03-11-2019 09:13 AM
Hi,
I have an ASA and my syslog server keeps saying a VPN is failing as there is no match!
I have setup many before but this just won't connect. How do I few more detailed crypto logs?
Any commands what be most welcome.
Thanks
09-09-2009 08:01 AM
Here's a very handy article on troubleshooting VPN's.
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
09-09-2009 05:41 PM
debug crypto isak 254
Will show you the IKE negotiation per the RFC. If you'd like, you can post the debugs here and I'll be happy to tell you what the problem is.
03-05-2019 07:33 PM
03-07-2019 07:59 AM
Paste the output for "show run crypto ikev1" or "show run crypto isakmp".
Error message of relevance is:
Mar 05 02:38:05 [IKEv1]: IP = 3.3.3.3, Unable to compute DH pair while processing SA!
The ASA does not seem to like the DH group setting in the IKE negotiations. Try different combinations and see which works for you.
03-06-2019 03:14 AM
debug crypto isakmp and debug cry ipsec are most common. has this VPN ever worked from your end?
I would start with that
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide