cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Tool to diagnose VPN configuration problems

3854
Views
15
Helpful
8
Comments

Hello folks,

 

IPsec tunnels between two devices have many configuration options and settings that need to be aligned for the tunnels to come up correctly.  In fact we see hundreds of cases per month for configuration assistance requests for VPN tunnels.  In an effort to make things easier for our customers I wanted to introduce you to a tool that has been developed by myself and a few other Cisco TAC security engineers.

 

IPsec Lan-to-Lan Configuration Checker

(http://www.cisco.com/c/en/us/support/web/redirects/l2l-checker.html)

 

The tool checks the configuration of two devices (IOS or ASA), examines for the presence of a crypto map based tunnel between them.  If discovered it will do an analysis of the most common configuration mistakes and best practices.  This tool's goal is to help you identify any configuration reasons why your tunnel is not establishing or traffic is correctly passing over it.

 

Currently there it only support static crypto map Lan-to-Lan tunnels between IOS, IOS-XE and ASA devices.

 

If there is a specific feature you would like to see or if you run into problems with the tool please let use know at tool_l2l_checker_feedback@cisco.com

 

The tool was recently updated, here is an example of the output generated:

Here is an example of the older version:

 

Comments
Beginner

amazing tool
thanks !!!

VIP Advocate

Hey Jay,

Link directs to a "Page not found" section . Any updated links?

Cisco Employee

Thanks for the heads up.  I am having the IT group look into it.  Once we get it working again it will still be at the same link.

-Jay

Beginner

Do we need a service contract to access this tool?

Cisco Employee

Helios999,

You shouldn't need one at this time, this may change however.  You will need a CCO account though.

-Jay

Cisco Employee

Helios999,

I just double checked.  It is required to have an active contract.

-Jay

Community Member

I have an active contract on ASA, but i can't use that tool.

What i've missing?

Cisco Employee
If your company is a Cisco customer or Cisco Partner please visit the following link to associate your profile to your company.