Re: Cisco ASA IPSec Site-to-Site VPN Logs via ASDM.

eng.khaled.omar · ‎07-15-2019

Is there a way to show the IPSec Site-to-Site VPN logs from Cisco ASA using ASDM?

I created a IPSec VPN using Cisco ASA but the VPN tunnel is not UP, i want to see the logs via ASDM indicating why the VPN tunnel is not established, cannot find such logs in ASDM.

Regards,

Khaled

Alan Ng'ethe · ‎07-15-2019

The logging asdm informational command should allow you to see IKE negotiation failures.

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.

Richard Burts · ‎07-18-2019

The original poster asks about using ASDM to view logs that relate to problems with a configured VPN. I believe that there are several aspects to this question. First is the aspect of how to use ASDM to view log messages. Correct configuration of logging on the ASA (including logging asdm) should allow them to use ASDM to view syslog messages. The second aspect of the question is whether syslog will include messages about failures in IKE negotiation. If debug for crypto isakmp is enabled then syslog should contain messages about IKE negotiation. But if there is no debug running then I do not believe that syslog would contain messages about IKE negotiation. The third aspect of the question is whether the original poster wants to see messages in real time (or near real time) or wants to see messages from some time in the past. The ASA has limited ability to store syslog messages. So you should be able to see messages in real time or near real time. But to see messages from a time in the past you probably need to have some device in the network that will receive and store the syslog messages from the ASA.

HTH

Rick

HTH

Rick