Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Useful debug commands for VPN issues?

Hello,

I'm trying to setup a VPN to another company, but I'm having no luck.  We both think we are using the correct information for phase 1 and 2.  I'm using a ASA 5520 and wondered what commands would be useful for me to debug phase 1 and/or phase 2 of the VPN?

Thanks

5 REPLIES

Re: Useful debug commands for VPN issues?

Here's a great troubleshooting guide for VPN-

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Hope it helps.

New Member

Re: Useful debug commands for VPN issues?

HI Andy,

These are the commands to enable debugs on the ASA:

debug crypto isakmp <1-250> <--level of debug

debug crypto ipsec <1-250>

Thanks,

Pradhuman

Bronze

Re: Useful debug commands for VPN issues?

Unlike PIX 6.x and below firmware, you dont actually need to enable ipsec debugging.  The ASA debugs are MUCH more informative...

'debug crypto isakmp 254' will provide you with packet-by-packet debugging of both Phase 1 and Phase 2 negotiations

If you want a little less, try debug level 7.

I have yet to run in to a IPSEC VPN issue that I was not able to completely and effectively troubleshoot using only this command.

debug crypto ipsec #  provides very little (if any) additional information

New Member

Re: Useful debug commands for VPN issues?

Thanks, I'm trying debug crypto isakmp 254 and debug crypto isakmp 7, but so much info comes in I can't filter out the VPN I need, any recommendations around this?

Thanks

New Member

Re: Useful debug commands for VPN issues?

Lower the debug level.

811
Views
0
Helpful
5
Replies
CreatePlease to create content