Cisco Support Community
Community Member

How to know Site to Site VPN up or Down st.


I am using a Cisco ASA 5505, and I created 3 site-to-site VPNs to other companies. I want to know whether our configuration is mismatching or completed, so how do I know that both phase 1 and phase 2 are completed or missing parameters?

Please help.

Hall of Fame Super Silver

Re: How to know Site to Site VPN up or Down st.

Well, aside from traffic passing successfully through the new tunnels, the command:

     show crypto isakmp sa

will show the status of the tunnels (command reference). You should see a status of "mm active" for all active tunnels.

To see details for a particular tunnel, try:

     show vpn-sessiondb l2l

Details on that command usage are here.

If a site-to-site VPN is not establishing successfully, you can debug it. It's usually useful to narrow down the debug output first with "debug crypto condition peer  " and then turn on debugging level 7 for IPsec and ISAKMP:

     debug cry ips 7

     debug cry isa 7 (debug crypto ikev1 or ikev2 on 8.4(1) or later)

Then introduce interesting traffic and watch the output for details. Remember to turn off all debugging when you're done ("no debug all").
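The phase 1 check described in the reply above can be run across all configured peers at once. The script below is an added example, not part of the original reply or Cisco's tooling: it parses saved `show crypto isakmp sa` output and reports each expected peer as up, still negotiating, or missing. The sample output, the peer addresses, and the assumption that the state field is printed as `MM_ACTIVE` are constructed for illustration.

```python
import re

# Constructed sample of `show crypto isakmp sa` output (IKEv1 layout);
# the peer addresses are documentation-range placeholders, not real peers.
SAMPLE_OUTPUT = """\
   Active SA: 1
Total IKE SA: 2

1   IKE Peer: 192.0.2.10
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: 198.51.100.20
    Type    : user            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2
"""

# Hypothetical list of the three site-to-site peers configured on the ASA.
EXPECTED_PEERS = ["192.0.2.10", "198.51.100.20", "203.0.113.30"]

PEER_RE = re.compile(r"IKE Peer:\s*(\S+)")
STATE_RE = re.compile(r"State\s*:\s*(\S+)")

def parse_isakmp_sa(text):
    """Return {peer_ip: state} for every SA block in the output."""
    states, peer = {}, None
    for line in text.splitlines():
        if (m := PEER_RE.search(line)):
            peer = m.group(1)
            states[peer] = "UNKNOWN"  # replaced once the State field is seen
        elif peer and (m := STATE_RE.search(line)):
            states[peer] = m.group(1)
    return states

def phase1_report(text, expected):
    """Classify each expected peer as up, negotiating:<state>, or no-sa."""
    seen = parse_isakmp_sa(text)
    report = {}
    for ip in expected:
        state = seen.get(ip)
        if state is None:
            report[ip] = "no-sa"  # no phase 1 SA listed for this peer
        else:
            report[ip] = "up" if state.endswith("_ACTIVE") else "negotiating:" + state
    return report

if __name__ == "__main__":
    for ip, status in phase1_report(SAMPLE_OUTPUT, EXPECTED_PEERS).items():
        print(f"{ip:<16} {status}")
```

This covers phase 1 only; a peer reported as up still needs the per-tunnel check with `show vpn-sessiondb l2l` mentioned in the reply.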
