Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

filtering log messages

I'm attempting to debug an ipsec tunnel on an ASA 5510 (8.4(3)) and when I turn on `debug crypto ipsec` and then execute `logging monitor` I get an constant stream of TCP debugging events, is it possible to only view ipsec messages?

Everyone's tags (2)
New Member

filtering log messages

Have you tried using the debug crypto condition commands:

ciscoasa# debug crypto condition ?

  error      Display debug error messages regardless of filters

  group      Filter on a group name

  peer       Filter on a peer address or subnet

  reset      Clear the crypto debug filters

  spi        Filter on an IPSec SPI

  unmatched  Display messages with insufficient context to match a filter

  user       Filter on a user name

New Member

filtering log messages

It seems that you are using VPN, so if you want to check tunnel you can use show and debug but you should classify problem, if you have security issue you can use Show Crypto isakmp sa that shows isakmp operational data but if you want to see isakmp detailed negoiation you can use debug crypto isakmp , but if problem is related to ipsec tunnel you can use show crypto ipsec sa or debug crypto ipsec  but you can add debug level at the end of command, default is 1 for example you can use debug crypto ipsec 7 to debug detailed ipsec negotiations.