Cisco Support Community

LAN to LAN and Remote Access IPsec VPN Troubleshooting Flowchart

Introduction

This document provides troubleshooting information for common problems with LAN to LAN (L2L) and Remote Access VPN.

For information about L2L VPN troubleshooting, see L2L VPN Flowchart in the VPN Troubleshooting section of this document.

For information about Remote Access VPN troubleshooting, see Remote Access VPN Flowchart in the VPN Troubleshooting section of this document.

If you need configuration example documents for the Site to Site VPN and Remote Access VPN, refer to the Remote Access VPN, Site to Site VPN (L2L) with PIX, Site to Site VPN (L2L) with IOS, and Site to Site VPN (L2L) with VPN3000 sections of Configuration Examples and TechNotes.

Note: Even though the configuration examples in this document are for use on routers and security appliances, nearly all of these concepts are also applicable to the VPN 3000 concentrator.

Warning: Many of the solutions presented in this document can lead to a temporary loss of all IPsec VPN connectivity on a device. Cisco recommends that these solutions be implemented with caution and in accordance with your change control policy.

If you have the output of a show run isakmp, show run ipsec, show run tunnel-group, or show run crypto map command from your Cisco device, you can use Output Interpreter to display potential issues and fixes. You must be a registered customer, be logged in, and have JavaScript enabled in order to use the Output Interpreter.

Prerequisites

Requirements

Cisco recommends that you have knowledge of IPsec VPN configurations on these Cisco devices:

  • Cisco PIX 500 Series Security Appliance

  • Cisco ASA 5500 Series Security Appliance

  • Cisco IOS® Routers

  • Cisco VPN 3000 Series Concentrators (Optional)

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco ASA 5500 Series Security Appliance

  • Cisco PIX 500 Series Security Appliance

  • Cisco IOS

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

VPN Troubleshooting

L2L VPN Flowchart

Click the red text in order to display troubleshooting information about a specific topic.

Remote Access VPN Flowchart

Click the red text in order to display troubleshooting information about a specific topic.

Related Information

  • Check network connectivity

  • Check routing

  • Check crypto ACL

  • Check NAT exemption ACL

  • Check NAT-T

  • Check ISAKMP policies

  • Check ISAKMP lifetime

  • Check ISAKMP keepalives

  • Check Transform sets

  • Check Crypto map

  • Check sequence number

  • Check Tunnel group

  • Check Pre-shared keys

  • Check remote peer name

  • Clear old/existing tunnels

  • Check Idle/Session timeout

  • Re-Enter Pre-shared keys

  • Enable or Disable PFS

  • Disable X-auth

  • MTU/MSS issues

  • Check group name and password

  • Check certificate config

  • Check sequence number

  • Check ISAKMP policies

  • Check Crypto map

  • Check local LAN access

  • Check access to DMZ

  • Check hair pinning

  • Check split tunneling

  • Check for overlapping private networks

  • Check simultaneous logins

  • Check DNS name resolution

Version history
Revision #: 1 of 1
Last update: 04-20-2014 11:55 PM