filtering log messages

Unanswered Question
Mar 6th, 2012

I'm attempting to debug an IPsec tunnel on an ASA 5510 (8.4(3)), and when I turn on `debug crypto ipsec` and then execute `logging monitor` I get a constant stream of TCP debugging events. Is it possible to only view IPsec messages?

mikeburr1234 Wed, 04/11/2012 - 19:30

Have you tried using the debug crypto condition commands:

```
ciscoasa# debug crypto condition ?

  error      Display debug error messages regardless of filters
  group      Filter on a group name
  peer       Filter on a peer address or subnet
  reset      Clear the crypto debug filters
  spi        Filter on an IPSec SPI
  unmatched  Display messages with insufficient context to match a filter
  user       Filter on a user name
```

kamran_Roostaee Sun, 04/15/2012 - 01:05

It seems that you are using a VPN, so if you want to check the tunnel you can use show and debug, but you should classify the problem. If you have a security issue you can use `show crypto isakmp sa`, which shows ISAKMP operational data, but if you want to see detailed ISAKMP negotiation you can use `debug crypto isakmp`. If the problem is related to the IPsec tunnel you can use `show crypto ipsec sa` or `debug crypto ipsec`. You can add a debug level at the end of the command; the default is 1. For example, you can use `debug crypto ipsec 7` to debug detailed IPsec negotiations.
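An added example, not part of the thread: when the terminal is already flooded, a saved capture of the session can be filtered offline so that only VPN-related lines, optionally for one peer, remain. The message-ID prefixes treated as VPN-related, the `IPSEC:`/`IKE` prefix test for raw debug lines, and the sample capture are assumptions constructed for illustration.

```python
import re

# Header of a syslog line as shown on the monitor: %ASA-<severity>-<message id>:
SYSLOG_RE = re.compile(r"%ASA-(\d)-(\d{6}):")

# Assumption: message-ID prefixes this sketch treats as IPsec/IKE related.
VPN_PREFIXES = ("602", "702", "713", "714", "715")

# Constructed sample capture (documentation addresses, made-up connection IDs).
SAMPLE = """\
%ASA-6-302013: Built outbound TCP connection 4411 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:10.0.0.5/51514 (192.0.2.1/51514)
%ASA-5-713120: Group = 203.0.113.10, IP = 203.0.113.10, PHASE 2 COMPLETED (msgid=5f3c1a2b)
%ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x1A2B3C4D) between 192.0.2.1 and 203.0.113.10 (user= 203.0.113.10) has been created.
IPSEC: New embryonic SA created @ 0xCB8F5D48
%ASA-6-302014: Teardown TCP connection 4411 for outside:198.51.100.7/443 to inside:10.0.0.5/51514 duration 0:00:01 bytes 5120 TCP FINs
%ASA-5-713120: Group = 203.0.113.100, IP = 203.0.113.100, PHASE 2 COMPLETED (msgid=0a0b0c0d)
"""


def is_vpn_line(line):
    """True for syslog lines in the assumed VPN ID ranges and for raw crypto debug lines."""
    m = SYSLOG_RE.search(line)
    if m is None:
        # No syslog header: raw debug output. Keep it only if it is tagged as crypto.
        return line.lstrip().startswith(("IPSEC:", "IKE"))
    return m.group(2).startswith(VPN_PREFIXES)


def filter_capture(text, peer=None):
    """Return the VPN-related lines of a capture, optionally only those naming `peer`."""
    kept = [l for l in text.splitlines() if l.strip() and is_vpn_line(l)]
    if peer:
        # Match the whole address so 203.0.113.10 does not also match 203.0.113.100.
        pat = re.compile(r"(?<![\d.])" + re.escape(peer) + r"(?!\.?\d)")
        kept = [l for l in kept if pat.search(l)]
    return kept


if __name__ == "__main__":
    for line in filter_capture(SAMPLE, peer="203.0.113.10"):
        print(line)
```

Raw debug lines that do not name the peer are dropped when `peer` is given, so run it once without `peer` to see everything crypto-related first.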


Posted March 6, 2012 at 1:33 PM