04-18-2018 09:41 PM - edited 02-21-2020 07:39 AM
I have multiple site to site VPN ( phae 1 and 2)configured on ASA5545. if i have one peer IP then how can i find the exact phase 1 and 2 configured for this Peer for the troubleshooting or modification of the negotiation parameters ? whats the cli commad to check the both pase configured for the particuler Peer IP.
Solved! Go to Solution.
04-19-2018 03:54 PM
Hello @obtacrdc2016,
In order to know what is happening wiht the connection you need to turn on the debugs like this:
debug crypto condition peer <IP address>
debug crypto ikev1 250
debug crypto ipsec 250
If you want to check the configuration, for Phase 1 is a general configuration and you can check it like this "show run crypto ikev1", if you want to check Phase 2 type first "show crypto map | in <Peer IP address>" you should get the sequence number and you repeat like this then: "show crypto map | be _<seq #>_"
HTH
Gio
04-19-2018 03:54 PM
Hello @obtacrdc2016,
In order to know what is happening wiht the connection you need to turn on the debugs like this:
debug crypto condition peer <IP address>
debug crypto ikev1 250
debug crypto ipsec 250
If you want to check the configuration, for Phase 1 is a general configuration and you can check it like this "show run crypto ikev1", if you want to check Phase 2 type first "show crypto map | in <Peer IP address>" you should get the sequence number and you repeat like this then: "show crypto map | be _<seq #>_"
HTH
Gio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide