Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

help - how to logg the IPSec ESP protocol 50 & 51

We collect the logs on the Cisco CSM and again separately on a Linux syslog host. We have chosen the level Informational, this has been recommended by Cisco. With ASDM we are also collecting log on level debug, which is desired. Unfortunately, we are seeing here is no ESP packets.
We see in the logging PH1 UDP packets (UDP 500), no IPSEC packets.
I would also like to point out that the ASA itself does not terminate IPSec VPNs. It stands as an external firewall between our VPN gateways(internal) and the Internet.
we have also disabled the sysopt connection permit-vpn

In summary, the VPN goes through the ASA and terminates on the inside firewall, what we want to achieve is, to log the ph1 and ph2 from the external ASA and send it to the log server

We can see the ph1 but not the ph2, anyone knows how to go about this please?

Thanks in advance


CreatePlease to create content