Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
449
Views
0
Helpful
1
Replies

cisco asa ASA5545 multiple site to site vpn configured.

Go to solution
obtacrdc2016
Level 1
Level 1

‎04-18-2018 09:41 PM - edited ‎02-21-2020 07:39 AM

I have multiple site to site VPN ( phae 1 and 2)configured on ASA5545. if i have one peer IP then how can i find the exact phase 1 and 2 configured for this Peer for the troubleshooting or modification of the negotiation parameters ? whats the cli commad to check the both pase configured for the particuler Peer IP.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
GioGonza
Level 4
Level 4

‎04-19-2018 03:54 PM

Hello @obtacrdc2016

 

In order to know what is happening wiht the connection you need to turn on the debugs like this: 

 

debug crypto condition peer <IP address>

debug crypto ikev1 250

debug crypto ipsec 250 

 

If you want to check the configuration, for Phase 1 is a general configuration and you can check it like this "show run crypto ikev1", if you want to check Phase 2 type first "show crypto map  | in <Peer IP address>" you should get the sequence number and you repeat like this then: "show crypto map | be _<seq #>_"

 

HTH

Gio

View solution in original post

0 Helpful
1 Reply 1

Go to solution
GioGonza
Level 4
Level 4

‎04-19-2018 03:54 PM

Hello @obtacrdc2016

 

In order to know what is happening wiht the connection you need to turn on the debugs like this: 

 

debug crypto condition peer <IP address>

debug crypto ikev1 250

debug crypto ipsec 250 

 

If you want to check the configuration, for Phase 1 is a general configuration and you can check it like this "show run crypto ikev1", if you want to check Phase 2 type first "show crypto map  | in <Peer IP address>" you should get the sequence number and you repeat like this then: "show crypto map | be _<seq #>_"

 

HTH

Gio

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card