filtering log messages

Unanswered Question
Mar 6th, 2012

I'm attempting to debug an IPsec tunnel on an ASA 5510 (8.4(3)), and when I turn on `debug crypto ipsec` and then execute `logging monitor` I get a constant stream of TCP debugging events. Is it possible to only view IPsec messages?

mikeburr1234 Wed, 04/11/2012 - 19:30

Have you tried using the debug crypto condition commands:

```
ciscoasa# debug crypto condition ?

  error      Display debug error messages regardless of filters
  group      Filter on a group name
  peer       Filter on a peer address or subnet
  reset      Clear the crypto debug filters
  spi        Filter on an IPSec SPI
  unmatched  Display messages with insufficient context to match a filter
  user       Filter on a user name
```

kamran_Roostaee Sun, 04/15/2012 - 01:05

It seems that you are using a VPN, so if you want to check the tunnel you can use show and debug commands, but you should classify the problem. If you have a security issue, you can use `show crypto isakmp sa`, which shows ISAKMP operational data, but if you want to see the detailed ISAKMP negotiation you can use `debug crypto isakmp`. If the problem is related to the IPsec tunnel, you can use `show crypto ipsec sa` or `debug crypto ipsec`. You can also add a debug level at the end of the command; the default is 1. For example, you can use `debug crypto ipsec 7` to debug detailed IPsec negotiations.
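
An offline counterpart to the peer filter discussed in the replies above, as an added example that is not part of the original thread or of Cisco's tooling: it keeps only IKE/IPsec syslog lines from a captured `logging monitor` session, optionally restricted to one peer address or subnet. The sample lines are constructed, and the list of message-ID prefixes is an assumption to adjust for your software version.

```python
import ipaddress
import re

# ASA syslog tag, e.g. "%ASA-6-302013:" -> severity 6, message ID 302013.
TAG = re.compile(r"%ASA-(\d)-(\d{6}):")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumption: message-ID prefixes treated as IKE/IPsec related.
# Check them against the syslog message guide for your release.
VPN_PREFIXES = ("402", "602", "702", "713", "714", "715")

# Constructed sample of mixed monitor output (not from a real device).
SAMPLE = [
    "%ASA-6-302013: Built outbound TCP connection 4101 for outside:198.51.100.7/443 "
    "(198.51.100.7/443) to inside:10.1.1.20/51544 (203.0.113.1/51544)",
    "%ASA-5-713041: IP = 203.0.113.10, IKE Initiator: New Phase 1, Intf inside, "
    "IKE Peer 203.0.113.10",
    "%ASA-6-302014: Teardown TCP connection 4101 for outside:198.51.100.7/443 "
    "to inside:10.1.1.20/51544 duration 0:00:01 bytes 1200 TCP FINs",
    "%ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x1A2B3C4D) between "
    "203.0.113.1 and 203.0.113.10 (user= 203.0.113.10) has been created.",
    "%ASA-7-715046: IP = 192.0.2.44, constructing ISAKMP SA payload",
]


def is_vpn_message(line):
    """True when the line carries a syslog ID in one of the VPN prefixes."""
    m = TAG.search(line)
    return bool(m) and m.group(2).startswith(VPN_PREFIXES)


def mentions_peer(line, network):
    """True when any IPv4 address in the line falls inside `network`."""
    for text in IPV4.findall(line):
        try:
            if ipaddress.ip_address(text) in network:
                return True
        except ValueError:  # e.g. "999.1.1.1" matched by the loose regex
            continue
    return False


def filter_capture(lines, peer=None):
    """Keep VPN lines; `peer` is an address or subnet, like the peer filter."""
    net = ipaddress.ip_network(peer, strict=False) if peer else None
    return [ln for ln in lines
            if is_vpn_message(ln) and (net is None or mentions_peer(ln, net))]
```

Calling `filter_capture(SAMPLE, "203.0.113.10")` drops the TCP build/teardown lines and the unrelated peer, leaving the two lines for that tunnel endpoint.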

