Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1385
Views
5
Helpful
3
Replies

Debug particular IPSEC VPN?

CiscoBrownBelt
Level 6
Level 6

‎03-07-2019 06:50 PM - edited ‎02-21-2020 08:55 AM

Running a debug but for a particular IPSEC VPN shouldn't cause much of a degradation and/or impact on performance correct or possibly?

 

The following is all I would need to enter?

debug crypto condition peer www.xxx.yyy.zzz

 

 

 

 

0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎03-08-2019 03:53 AM - edited ‎03-08-2019 03:56 AM

Hi,
If you filter using the condition peer command it shouldn't greatly impact the performance. Once you've enabled this you also need to enable the other debugs:-

debug crypto condition peer 1.1.1.1
debug crypto ikev1|iskamp (depends on what version you are running)

debug crypto ikev2

debug crypto ipsec sa

The command "show crypto debug-condition" will confirm the filter is applied to the peer ip address and which debugs are enabled.

Ensure you disable debugs once finished "undebug all"

HTH

CiscoBrownBelt
Level 6
Level 6
In response to Rob Ingram

‎03-11-2019 12:20 PM

Awesome! So if I don't see any real traffic other than "KEv2-PROTO-7: (26228): Restarting DPD timer 10 secs", should I try and generate a ping or something that is allowed through any applicable ACLs?


0 Helpful

Rob Ingram
VIP
VIP
In response to CiscoBrownBelt

‎03-11-2019 01:06 PM

Do you have a particular issue which you are troubleshooting?

You can run ping (not from the ASA) over the tunnel, check "show crypto ipsec sa" to determine whether the encaps|decaps are increasing or not.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card