The ISR has 2 VRFs, and it's responding when I send a ping, but if I type terminal monitor or if I am connected via the serial port, I don't see any output for troubleshooting.
Thanks in advance
First of all, check with
what debugs are enabled. If you see anything telling about conditions, first perform undebug all, then re-enable the desired debugging.
I have checked that debug ip icmp has no VRF option and your traffic may be in a VRF.
You could try to use another type of debug
debug ip packet accepts the VRF option
Use an ACL to describe the traffic you want to debug
access-list 101 permit icmp host 220.127.116.11 host 18.104.22.168
debug ip packet detail 101 vrf <vrf-name>
It is very important to use an ACL with this debug command to avoid overloading the router.
Also debug ip packet does not support the VRF option.
Hope to help
I enabled deb crypto isakmp and ipsec and icmp.
The problem is only with icmp
I see a few ICMP messages; these messages are not traffic generated by me, but I do not see any when I ping from my PC to the public IP where I am connected.
I see messages if I ping from the ISR router to another device, but when I send ICMP from another device to the router, I don't see anything.
I inserted logging console debug.
Fortunately I don't need debug crypto isakmp anymore (now), because the VPN with VRF works fine.
If anyone has an idea why I do not see the icmp debug, OK, but now I can go on with my work.
Thanks a lot
We do not know much about your environment and that makes it difficult to give good advice. Are you saying that similar to the original post that debug for certain things like isakmp work fine but debug for icmp does not work fine? If you enable debug for icmp do you get some output but not all the output that you expect? Or do you get no output at all?
I offer the observation that debug can report only on things that were processed by the CPU. In our modern environment, where we have multiple features that reduce dependence on the CPU, that makes debug a less reliable tool.
Yes, CEF switching might be the reason, but my router platform seems not to support disabling CEF switching. Thank you for the useful information.
You are welcome. This is a significant point and one that is frequently not well recognized. Many of us (especially those with long experience in networking) tend to assume that with the appropriate debug that we can see just about anything happening on our network device. We need to recognize that this is not as true as it used to be and that tools like packet capture may need to play the role that we sometimes used debug for.