Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1575
Views
10
Helpful
4
Replies

Debug for IPSEC tunnel not dispaying anything

CiscoBrownBelt
Level 6
Level 6

‎10-16-2019 09:24 AM - edited ‎02-21-2020 09:35 AM

So I set the following:

 

debug crypto condition peer  10.10.10.1

 

debug crypto ikev2 protocol 127
debug crypto ikev2 platform 127

 

However no debugs are displayed on the CLI for IPSEC tunnel negotiations. All configs for tunnel look good as it was working not too long ago. 

0 Helpful
4 Replies 4

Rob Ingram
VIP
VIP

‎10-16-2019 09:31 AM

Hi,
Is interesting traffic being generated in order to establish the tunnel? Without that there would be no debugs.

HTH

CiscoBrownBelt
Level 6
Level 6
In response to Rob Ingram

‎10-16-2019 09:34 AM

No it is not. I have to wait on something to do that. So I guess the tunnel traffic or negotiation will only come up if interesting traffic is being generated?
0 Helpful

Rob Ingram
VIP
VIP
In response to CiscoBrownBelt

‎10-16-2019 09:40 AM

If using a crypto map (which I assume you are) then yes, interesting traffic needs to be generated in order for the tunnel to be established and therefore generate debug logs.

If you were using a VTI, then the tunnel would attempt to establish straight away and stay up without the requirement for interesting traffic.

HTH

CiscoBrownBelt
Level 6
Level 6
In response to Rob Ingram

‎10-16-2019 10:07 AM

Yes, I am using a Crypto map. I will get back to you. Thanks!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card