Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3030 Concentrator Site to Site

Trying to setup L2L VPN. Once the L2L is enabled, does it attempt to connect immediately? Also, how can I view the logs to see what is successful/failing on this or any other VPN connection.

Thank you.

2 REPLIES

Re: 3030 Concentrator Site to Site

You need to generate traffic requiring crypto protection (defined by your crypto ACL) in order to initiate the negotiation of an ISAKMP SA, which will establish a secure channel through which IPSec SAs will be negotiated.

Don't have access to a 3030 Concentrator, but on an IOS system you'd check status with:

show crypto isakmp sa detail

show crypto ipsec sa detail

Perhaps, log crypto sessions in syslog with:

crypto logging session

... and perhaps:

deny ip any any log

... as the last ACE in interface ACLs to identify configuration errors, and the presence of traffic that violates security policy.

Gold

Re: 3030 Concentrator Site to Site

like any other vpn, you need to pass data through it for hte vpn to attempt to establish.

to monitor vpn sessions:

Monitor --> sessions

to view logs:

Monitor --> filterable event log

102
Views
0
Helpful
2
Replies