08-02-2007 09:59 AM
In order to troubleshoot problems resulting from an issue with a vpn connection where router contains a firewall ios, knowing the correct commands are essential. What are the proper commands that should be used in displaying information related to vpn problems? For example, on a pix commands show conn, show isa sa, show ipsec sa, sh exlate etc. help in determining issues. What are some commands that are the equivalent to these and what others can be used on a router that has a firewall ios?
Solved! Go to Solution.
08-03-2007 07:08 AM
Have a look at this link to learn more about the Cisco IOS Firewall.
http://cisco.com/en/US/partner/products/sw/secursw/ps1018/tsd_products_support_series_home.html
HTH
08-02-2007 11:47 AM
To troubleshoot vpn problems in ios I think the best show commands are:
show crypto isakmp sa: Shows ISAKMP security associations (SAs) built between peers.
show crypto ipsec sa: Shows IPsec SAs built between peers.
show crypto engine connection active: Shows every SA built and the amount of traffic sent.
Debug commands:
debug crypto isakmp
debug crypto ipsec
08-02-2007 04:30 PM
Thanks, that is a start. However, are there any commands that are the equivalent or similar to pix commands such as show conn, show count, show xlate etc.
08-03-2007 12:23 AM
sh conn = sh ip inspect session
sh count = sh ip traffic
sh xlate = sh ip nat translations
08-03-2007 04:22 AM
Thanks for all the info. This will help a great deal in the future. Lastly, is there a link for more indepth features regarding firewall ioses?
08-03-2007 07:08 AM
Have a look at this link to learn more about the Cisco IOS Firewall.
http://cisco.com/en/US/partner/products/sw/secursw/ps1018/tsd_products_support_series_home.html
HTH
08-03-2007 07:21 AM
Thanks, that's all I needed.
08-03-2007 05:30 AM
The following is my favorate command if you have 2800/3800 router with a VPN accelerater module.
show crypto engine accelerator statistic
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: