VPN commands

chmodchmod Member Posts: 360 ■■■□□□□□□□
Hi,
What are the best commands to torubleshoot VPN connections?
Now im working with several vpn links and i would like to know the commands, the people with more experience uses in a daily basis to troubleshot vpn's.

Comments

  • AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    What appliance and software version?

    For a PIX/ASA:

    debug crypto isakmp for phase 1 (i.e. if you can't see an active IKE association)
    debug crypto ipsec for phase 2 (i.e. your IKE assocation is up but nothing else)

    There are more but exploring debug crypto ? should get you what you need for most things.

    If it's remote access you can use debug-crypto for session problems but you likely also have to look at your authentication systems. So don't forget to watch your AAA servers if you are using them (Event viewer for IAS, debugging AAA on the router/device if you are using those instead etc.)
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    clear crypto sa
    clear crypto isakmp

    to catch the debugging from the beginning, starting with the interesting traffic to bring up the tunnel.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • chmodchmod Member Posts: 360 ■■■□□□□□□□
    I usually use:

    show crypto ipsec sa (to see encrypted traffic)
    show crypto isakmp sa
Sign In or Register to comment.