How to know Site to Site VPN up or Down st.

Unanswered Question
Feb 26th, 2012

Hello gentlemen,

I am using a Cisco ASA 5505, and I created 3 site-to-site VPNs to other companies. I want to know whether our configuration is mismatched or complete, so how do I know that both phase 1 and phase 2 are completed or missing parameters?

Please help.

Overall Rating: 5 (1 ratings)
Marvin Rhoads Sun, 02/26/2012 - 08:40

Well, aside from traffic passing successfully through the new tunnels, the command:


     show crypto isakmp sa


will show the status of the tunnels (command reference). You should see a status of "mm active" for all active tunnels.


To see details for a particular tunnel, try:


     show vpn-sessiondb l2l


Details on that command usage are here.


If a site-site VPN is not establishing successfully, you can debug it. It's usually useful to narrow down the debug output first with "debug crypto condition peer  " and then turn on debugging level 7 for IPsec and ISAKMP:


     debug cry ips 7

     debug cry isa 7 (debug crypto ikev1 or ikev2 on 8.4(1) or later)


Then introduce interesting traffic and watch the output for details. Remember to turn off all debugging when you're done ("no debug all").
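
Added example, not part of the original thread: a Python sketch that reads saved `show crypto isakmp sa` output and reports the phase 1 state for each peer you expect a tunnel to, including peers with no SA at all. It assumes the IKEv1 output layout, where the state is printed as `MM_ACTIVE`; the sample output and the peer addresses are constructed for illustration.

```python
import re

# Constructed sample of `show crypto isakmp sa` output (IKEv1 layout);
# the addresses are documentation ranges, not taken from the thread.
SAMPLE = """\
   Active SA: 1
Total IKE SA: 2

1   IKE Peer: 203.0.113.10
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: 198.51.100.7
    Type    : user            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2
"""

# Hypothetical list of the three remote peers the tunnels should reach.
EXPECTED_PEERS = ["203.0.113.10", "198.51.100.7", "192.0.2.44"]

PEER_RE = re.compile(r"IKE Peer:\s*(\S+)")
STATE_RE = re.compile(r"State\s*:\s*(\S+)")

def parse_isakmp_sa(text):
    """Return {peer_ip: state} for each SA block in the output."""
    sas, peer = {}, None
    for line in text.splitlines():
        peer_match = PEER_RE.search(line)
        state_match = STATE_RE.search(line)
        if peer_match:
            peer = peer_match.group(1)
            sas[peer] = "UNKNOWN"        # until a State line is seen
        elif state_match and peer:
            sas[peer] = state_match.group(1)
    return sas

def phase1_report(text, expected):
    """Classify each expected peer as up, negotiating, or no-sa."""
    sas = parse_isakmp_sa(text)
    report = {}
    for ip in expected:
        state = sas.get(ip)
        if state is None:
            report[ip] = "no-sa"         # no phase 1 SA listed for this peer
        elif state.endswith("_ACTIVE"):
            report[ip] = "up"            # MM_ACTIVE or AM_ACTIVE
        else:
            report[ip] = "negotiating:" + state
    return report
```

A peer reported as `no-sa` or stuck in a `MM_WAIT_*` state is the one to run the conditional debug against; phase 2 still needs to be checked with `show vpn-sessiondb l2l`.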
