logging for cisco 1811

Unanswered Question
Apr 6th, 2010

Hi all,


My office is using a Cisco 1811 and has a site-to-site VPN to another regional office.

How do I run logging, or is there anything I can do on my Cisco 1811 to verify that the VPN connection to my regional office is fine?

Thanks in advance.

Jennifer Halim (Cisco Employee) Tue, 04/06/2010 - 20:14

You can check the output of the following command:

-- show crypto isa sa --> if the status is QM_IDLE, that means Phase 1 is UP.

-- show crypto ipsec sa --> if you see the encrypted and decrypted counters are increasing, that means the VPN tunnel is up and passing traffic.


Hope that helps.

mmitgroup Tue, 04/06/2010 - 23:11

Hi halijenn,


Below is the output after I run "show crypto ipsec sa".

How can I troubleshoot the 63 and 399 errors detected?


interface: FastEthernet0
    Crypto map tag:  local addr x.x.x.x

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (x.x.x.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (x.0.0.0/255.0.0.0/0/0)
   current_peer x.x.x.x port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 1802458, #pkts encrypt: 1802458, #pkts digest: 1802458
    #pkts decaps: 2028301, #pkts decrypt: 2028301, #pkts verify: 2028301
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 63, #recv errors 0

     local crypto endpt.: x.x.x.x, remote crypto endpt.: x.x.x.x
     path mtu 1500, ip mtu 1500
     current outbound spi: 0x27BBB83(41663363)

     inbound esp sas:
      spi: 0xEE759D4D(4000685389)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 37, flow_id: Motorola SEC 2.0:37, crypto map:
        sa timing: remaining key lifetime (k/sec): (4410520/21809)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x27BBB83(41663363)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 40, flow_id: Motorola SEC 2.0:40, crypto map: x
        sa timing: remaining key lifetime (k/sec): (4410636/21780)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

     local crypto endpt.: x.x.x.x, remote crypto endpt.: x.x.x.x
     path mtu 1500, ip mtu 1500
     current outbound spi: 0x0(0)

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (x.x.x.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (x.0.0.0/255.0.0.0/0/0)
   current_peer x.x.x.x port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 80663318, #pkts encrypt: 80663318, #pkts digest: 80663318
    #pkts decaps: 81484352, #pkts decrypt: 81484352, #pkts verify: 81484352
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 399, #recv errors 0

     local crypto endpt.: x.x.x.x, remote crypto endpt.: x.x.x.x
     path mtu 1500, ip mtu 1500
     current outbound spi: 0x26DF483(40760451)

     inbound esp sas:
      spi: 0x5A54B1D(94718749)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 33, flow_id: Motorola SEC 2.0:33, crypto map:
        sa timing: remaining key lifetime (k/sec): (4176383/21742)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x26DF483(40760451)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 36, flow_id: Motorola SEC 2.0:36, crypto map:
        sa timing: remaining key lifetime (k/sec): (4437132/21737)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

     local crypto endpt.: x.x.x.x, remote crypto endpt.: x.x.x.x
     path mtu 1500, ip mtu 1500
     current outbound spi: 0x0(0)

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

Jennifer Halim (Cisco Employee) Wed, 04/07/2010 - 05:24

That is a very small percentage of errors compared to the number of packets that have been encrypted and decrypted.

Are you seeing any specific problem with traffic going through the VPN tunnel?

mciszek Tue, 04/06/2010 - 20:16

wenbin,


You could set up a syslog server on a Windows box and run Kiwi syslog to do the logging.

Kiwi, which is now part of SolarWinds, a company that has a bunch of tools for doing monitoring of just about any network device.


You could use something like Quick Ping Monitor, which will allow you to set up a ping monitor of a device on the remote end.


You might want to write your own script to do the pings, check the status, and send the alerts using blat when the VPN goes down.


Hope this helps,


Mike
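The checks suggested in this thread (an active inbound and outbound ESP SA, encap/decap counters that keep increasing between two readings, and a send-error count that is small relative to the packets encrypted) can be scripted. The following is an added example, not code from anyone in this thread or from Cisco: it parses two captures of "show crypto ipsec sa" and reports a verdict per flow. The sample output is constructed for the example, modeled on the output posted above but with RFC 5737/1918 addresses and a made-up second flow whose SAs never came up; compression, AH and PCP lines are omitted because the parser does not use them. The 1% send-error threshold is an assumed value, not something the thread states.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample, trimmed to the lines the parser reads.
SNAPSHOT_1 = """\
interface: FastEthernet0
    Crypto map tag: VPNMAP, local addr 192.0.2.1

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.0.2.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.0.0.0/255.0.0.0/0/0)
   current_peer 198.51.100.7 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 1802458, #pkts encrypt: 1802458, #pkts digest: 1802458
    #pkts decaps: 2028301, #pkts decrypt: 2028301, #pkts verify: 2028301
    #send errors 63, #recv errors 0

     inbound esp sas:
      spi: 0xEE759D4D(4000685389)
        transform: esp-3des esp-sha-hmac ,
        Status: ACTIVE

     outbound esp sas:
      spi: 0x27BBB83(41663363)
        transform: esp-3des esp-sha-hmac ,
        Status: ACTIVE

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.0.2.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (172.16.0.0/255.255.0.0/0/0)
   current_peer 198.51.100.9 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #send errors 12, #recv errors 0

     inbound esp sas:

     outbound esp sas:
"""
# Second reading a few minutes later: only the first flow moved traffic.
SNAPSHOT_2 = (SNAPSHOT_1.replace("#pkts encaps: 1802458", "#pkts encaps: 1802950")
                        .replace("#pkts decaps: 2028301", "#pkts decaps: 2028840"))

FlowKey = Tuple[str, str, str]  # (peer, local ident, remote ident)

@dataclass
class FlowStats:
    local_ident: str
    remote_ident: str
    peer: str
    encaps: int
    decaps: int
    send_errors: int
    recv_errors: int
    inbound_spis: List[str] = field(default_factory=list)   # ACTIVE inbound ESP SAs
    outbound_spis: List[str] = field(default_factory=list)  # ACTIVE outbound ESP SAs

    @property
    def key(self) -> FlowKey:
        return (self.peer, self.local_ident, self.remote_ident)

    @property
    def send_error_pct(self) -> float:
        total = self.encaps + self.send_errors
        return 100.0 * self.send_errors / total if total else 0.0

    @property
    def has_active_sas(self) -> bool:
        return bool(self.inbound_spis) and bool(self.outbound_spis)

def _int(pattern: str, block: str) -> int:
    m = re.search(pattern, block)
    return int(m.group(1)) if m else 0

def parse_ipsec_sa(text: str) -> Dict[FlowKey, FlowStats]:
    """Split the output into one block per 'protected vrf:' stanza and read each flow."""
    flows: Dict[FlowKey, FlowStats] = {}
    for block in re.split(r"(?m)^\s*protected vrf:", text)[1:]:
        local = re.search(r"local\s+ident \(addr/mask/prot/port\): \((\S+)\)", block)
        remote = re.search(r"remote ident \(addr/mask/prot/port\): \((\S+)\)", block)
        peer = re.search(r"current_peer (\S+)", block)
        if not (local and remote and peer):
            continue
        st = FlowStats(local.group(1), remote.group(1), peer.group(1),
                       encaps=_int(r"#pkts encaps: (\d+)", block),
                       decaps=_int(r"#pkts decaps: (\d+)", block),
                       send_errors=_int(r"#send errors (\d+)", block),
                       recv_errors=_int(r"#recv errors (\d+)", block))
        # Each "<dir> esp sas:" section runs until the next "... sas:" header; keep ACTIVE SPIs only.
        for direction, attr in (("inbound", "inbound_spis"), ("outbound", "outbound_spis")):
            for sec in re.finditer(rf"{direction} esp sas:\n(.*?)(?=^\s*\w+ (?:ah|pcp|esp) sas:|\Z)",
                                   block, re.S | re.M):
                for spi, status in re.findall(r"spi: (0x[0-9A-Fa-f]+).*?Status: (\w+)", sec.group(1), re.S):
                    if status == "ACTIVE":
                        getattr(st, attr).append(spi)
        flows[st.key] = st
    return flows

def assess(prev: Dict[FlowKey, FlowStats], cur: Dict[FlowKey, FlowStats],
           max_send_error_pct: float = 1.0) -> Dict[FlowKey, str]:
    """Verdict per flow: DOWN (no SA pair), STALLED (counters flat), DEGRADED (errors), or OK."""
    verdicts: Dict[FlowKey, str] = {}
    for key, now in cur.items():
        before = prev.get(key)
        if not now.has_active_sas:
            verdicts[key] = "DOWN: no ACTIVE inbound+outbound ESP SA"
        elif before and now.encaps <= before.encaps and now.decaps <= before.decaps:
            verdicts[key] = "STALLED: encap/decap counters not increasing"
        elif now.send_error_pct > max_send_error_pct:
            verdicts[key] = f"DEGRADED: send errors {now.send_error_pct:.2f}% of encrypted packets"
        else:
            verdicts[key] = "OK"
    return verdicts

if __name__ == "__main__":
    for key, verdict in assess(parse_ipsec_sa(SNAPSHOT_1), parse_ipsec_sa(SNAPSHOT_2)).items():
        print(f"peer {key[0]} {key[1]} -> {key[2]}: {verdict}")
```

Run it against two real captures (taken a few minutes apart with the same command) by feeding them in place of the two constructed snapshots; the 63 and 399 send errors in the output above come out well under 0.01% of the encrypted packets, which is the "very small percentage" Jennifer points at. The parsed local and remote ident strings are also the values to compare against the peer's configured proxy IDs when looking for the mask mismatch tsasbrink_2 describes.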

tsasbrink_2 Wed, 04/07/2010 - 00:46

Hi,


I have seen those kinds of errors before. In my case they came from a mask difference in the SA with Checkpoint R65.


Checkpoint does not need an exact matching mask but the IOS box does. This meant only being able to initiate a tunnel for only some traffic in one direction.


So you might want to check the configured SA or received SAs for differences.
