Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1486
Views
10
Helpful
4
Replies

Debug for IPSEC tunnel not dispaying anything

CiscoPurpleBelt
Level 6
Level 6

‎10-16-2019 09:24 AM - edited ‎02-21-2020 09:35 AM

So I set the following:

 

debug crypto condition peer  10.10.10.1

 

debug crypto ikev2 protocol 127
debug crypto ikev2 platform 127

 

However no debugs are displayed on the CLI for IPSEC tunnel negotiations. All configs for tunnel look good as it was working not too long ago. 

0 Helpful
4 Replies 4

Rob Ingram
VIP
VIP

‎10-16-2019 09:31 AM

Hi,
Is interesting traffic being generated in order to establish the tunnel? Without that there would be no debugs.

HTH

CiscoPurpleBelt
Level 6
Level 6
In response to Rob Ingram

‎10-16-2019 09:34 AM

No it is not. I have to wait on something to do that. So I guess the tunnel traffic or negotiation will only come up if interesting traffic is being generated?
0 Helpful

Rob Ingram
VIP
VIP
In response to CiscoPurpleBelt

‎10-16-2019 09:40 AM

If using a crypto map (which I assume you are) then yes, interesting traffic needs to be generated in order for the tunnel to be established and therefore generate debug logs.

If you were using a VTI, then the tunnel would attempt to establish straight away and stay up without the requirement for interesting traffic.

HTH

CiscoPurpleBelt
Level 6
Level 6
In response to Rob Ingram

‎10-16-2019 10:07 AM

Yes, I am using a Crypto map. I will get back to you. Thanks!
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card