VPN Trouble Shooting

Unanswered Question
Jan 15th, 2010

What are some good commands to use when trying to troubleshoot an initial IPSEC site-to-site VPN?  I guess I should mention I'm using an ASA5520 v8.04.  It would be nice to have something that would tell you whether the management connection was being built or not or where the problems lie.


Thanks,

glh

Jon Marshall Fri, 01/15/2010 - 13:48

g.harper wrote:


What are some good commands to use when trying to troubleshoot an initial IPSEC site-to-site VPN?  I guess I should mention I'm using an ASA5520 v8.04.  It would be nice to have something that would tell you whether the management connection was being built or not or where the problems lie.


Thanks,

glh


debug crypto isakmp

debug crypto ipsec


to show the actual setup as it happens - isakmp = Phase 1, ipsec = Phase 2. As with all debugging, be aware that this will place an extra load on the firewall.


sh crypto isakmp sa

sh crypto ipsec sa


to show the status of Phase 1 and Phase


see the command reference for full details of these commands -


ASA 8.0 command reference


Jon
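
Added example, not part of the reply above and not Cisco code: a Python sketch that reads saved `sh crypto isakmp sa` output and reports, for one peer, whether Phase 1 is up, still negotiating, or absent. The sample output, the peer addresses and the hint text are constructed assumptions.

```python
import re

# Constructed sample of `sh crypto isakmp sa` output; peers use documentation addresses.
SAMPLE = """\
   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2

1   IKE Peer: 192.0.2.10
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: 198.51.100.7
    Type    : user            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2
"""

PEER_RE = re.compile(r"IKE Peer:\s*(\S+)")
STATE_RE = re.compile(r"State\s*:\s*(\S+)")

# Usual first checks per stalled state (assumed starting points, confirm with the debugs).
HINTS = {
    "MM_WAIT_MSG2": "no reply from peer: check routing, UDP 500 filtering, peer config",
    "MM_WAIT_MSG6": "authentication step: compare pre-shared keys on both ends",
}

def parse_isakmp_sa(text):
    """Map each IKE peer address to the State reported for it."""
    peers, current = {}, None
    for line in text.splitlines():
        peer = PEER_RE.search(line)
        if peer:
            current = peer.group(1)
            peers[current] = None
            continue
        state = STATE_RE.search(line)
        if state and current is not None:
            peers[current] = state.group(1)
    return peers

def phase1_report(text, expected_peer):
    """Return (status, detail) for one peer: 'up', 'negotiating' or 'no-sa'."""
    peers = parse_isakmp_sa(text)
    if expected_peer not in peers:
        return ("no-sa", "no Phase 1 attempt seen: send traffic that matches the crypto ACL")
    state = peers[expected_peer] or "unknown"
    if state.endswith("_ACTIVE"):
        return ("up", state + ": Phase 1 done, move on to 'sh crypto ipsec sa'")
    return ("negotiating", state + ": " + HINTS.get(state, "run 'debug crypto isakmp'"))
```

Calling `phase1_report(SAMPLE, "198.51.100.7")` returns the `negotiating` status with the MM_WAIT_MSG2 hint; a peer that does not appear in the output at all comes back as `no-sa`.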
