08-22-2011 08:02 AM - edited 03-11-2019 02:15 PM
I have a possible routing issue on a WAN link and I have an ASA on a separate link for backup VPN. I suspect that the WAN side is having problems and the VPN is kicking in momentarily. Can anyone help with what commands I need to run so see when the last VPN tunnel was created? If the main WAN link is stable the VPN should not connect, so knowing if/when the last tunnel was brought up would help with ths problem diagnosis.
Thanks!
08-22-2011 08:29 AM
Well I am not really sure about it, but if you have debugs enabled on the ASA (debug crypto isakmp 127 and debug crupto ipsec 127) then you should be able to atleast know when the ast time the tunnel was esatblished in the syslog server. You can give it a try and check.
Thanks,
Varun
08-22-2011 09:10 AM
Right now I'm pretty much limited to show commands. I suppose I could clear the counters and view those stats after an event.
08-22-2011 09:23 AM
Yup, thats right, but show crypto ipsec sa and show vpn-sessiondb should help in it.
-Varun
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide