topic How to debug ipsec phase 2 on ASA 5520? in Network Security https://community.cisco.com/t5/network-security/how-to-debug-ipsec-phase-2-on-asa-5520/m-p/1326366#M785538 <P>I have a problem related to ipsec on a Cisco ASA 5520. Briefly told the problem is when the remote site is initiating traffic againt my site. Traffic initiated from my site is working perfect. When the remote site is initiating traffic sometimes it works and somestimes it is not working. When it is NOT working the log shows the output that I have included in the attached file. So my question is: How can I set up logging on the ASA so that I can see exactly WAHT is causing the problem? The attached file is the result from logging with debug level, but how to see the exact cause of the failure? How to see what proposals the remote gateway is suggesting and so on...?</P><P></P><P>The really strange thing is that it sometimes work, sometimes not. Any ideas?</P><P></P><P> </P><P></P> Mon, 11 Mar 2019 16:40:31 GMT cisco 2019-03-11T16:40:31Z How to debug ipsec phase 2 on ASA 5520? https://community.cisco.com/t5/network-security/how-to-debug-ipsec-phase-2-on-asa-5520/m-p/1326366#M785538 <P>I have a problem related to ipsec on a Cisco ASA 5520. Briefly told the problem is when the remote site is initiating traffic againt my site. Traffic initiated from my site is working perfect. When the remote site is initiating traffic sometimes it works and somestimes it is not working. When it is NOT working the log shows the output that I have included in the attached file. So my question is: How can I set up logging on the ASA so that I can see exactly WAHT is causing the problem? The attached file is the result from logging with debug level, but how to see the exact cause of the failure? How to see what proposals the remote gateway is suggesting and so on...?</P><P></P><P>The really strange thing is that it sometimes work, sometimes not. Any ideas?</P><P></P><P> </P><P></P> Mon, 11 Mar 2019 16:40:31 GMT https://community.cisco.com/t5/network-security/how-to-debug-ipsec-phase-2-on-asa-5520/m-p/1326366#M785538 cisco 2019-03-11T16:40:31Z Re: How to debug ipsec phase 2 on ASA 5520? https://community.cisco.com/t5/network-security/how-to-debug-ipsec-phase-2-on-asa-5520/m-p/1326367#M785539 <HTML><HEAD></HEAD><BODY><P>You're failing at the negotiation of IPSec. You have a log entry of <B>All IPSec SA proposals found unacceptable</B>. Make sure everything matches verbatim in ISAKMP and IPSec. Also here's an excellent troubleshooting guide.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml</A></P></BODY></HTML> Tue, 17 Nov 2009 14:22:21 GMT https://community.cisco.com/t5/network-security/how-to-debug-ipsec-phase-2-on-asa-5520/m-p/1326367#M785539 Collin Clark 2009-11-17T14:22:21Z