07-15-2019 04:16 PM
Is there a way to show the IPSec Site-to-Site VPN logs from Cisco ASA using ASDM?
I created an IPSec VPN using Cisco ASA but the VPN tunnel is not up. I want to see the logs via ASDM indicating why the VPN tunnel is not established, but I cannot find such logs in ASDM.
Regards,
Khaled
07-15-2019 07:50 PM
The logging asdm informational command should allow you to see IKE negotiation failures.
07-18-2019 08:58 AM
The original poster asks about using ASDM to view logs that relate to problems with a configured VPN. I believe that there are several aspects to this question. First is the aspect of how to use ASDM to view log messages. Correct configuration of logging on the ASA (including logging asdm) should allow them to use ASDM to view syslog messages. The second aspect of the question is whether syslog will include messages about failures in IKE negotiation. If debug for crypto isakmp is enabled then syslog should contain messages about IKE negotiation. But if there is no debug running then I do not believe that syslog would contain messages about IKE negotiation. The third aspect of the question is whether the original poster wants to see messages in real time (or near real time) or wants to see messages from some time in the past. The ASA has limited ability to store syslog messages. So you should be able to see messages in real time or near real time. But to see messages from a time in the past you probably need to have some device in the network that will receive and store the syslog messages from the ASA.
HTH
Rick
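The three aspects discussed in the replies above (logging to ASDM, getting IKE debug output into syslog, and keeping history off-box) can be put together as an ASA CLI configuration. This is an added example, not configuration posted by anyone in the thread; the interface name `inside`, the syslog server 192.0.2.10 and the VPN peer 203.0.113.1 are placeholder assumptions.

```cisco
! --- Baseline: make syslog messages visible in ASDM ---
logging enable
logging timestamp
! ASDM keeps its own small buffer (default 100 messages); raise it to the maximum
logging asdm-buffer-size 512
logging asdm informational

! --- History: the ASA stores few messages, so forward them off-box ---
! (192.0.2.10 is a placeholder syslog server reachable via "inside")
logging host inside 192.0.2.10
logging trap informational

! --- Temporary troubleshooting: send IKE debug output into syslog ---
! "logging debug-trace" turns debug output into syslog message 711001
! at severity 7, so the ASDM level has to be raised to see it.
logging debug-trace
logging asdm debugging
! Limit debugging to the one peer being investigated (placeholder address)
debug crypto condition peer 203.0.113.1
! Later ASA releases split this command into "debug crypto ikev1" / "debug crypto ikev2"
debug crypto isakmp 127

! --- Clean up once the failure has been captured ---
undebug all
debug crypto condition reset
no logging debug-trace
logging asdm informational
```

Debug-level logging is CPU-intensive on a busy firewall, which is why the example scopes it to a single peer and reverts the levels afterwards.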