on 10-21-2015 08:06 AM
Hello folks,
IPsec tunnels between two devices have many configuration options and settings that need to be aligned for the tunnels to come up correctly. In fact we see hundreds of cases per month for configuration assistance requests for VPN tunnels. In an effort to make things easier for our customers I wanted to introduce you to a tool that has been developed by myself and a few other Cisco TAC security engineers.
IPsec Lan-to-Lan Configuration Checker
(http://www.cisco.com/c/en/us/support/web/redirects/l2l-checker.html)
The tool checks the configuration of two devices (IOS or ASA), examines for the presence of a crypto map based tunnel between them. If discovered it will do an analysis of the most common configuration mistakes and best practices. This tool's goal is to help you identify any configuration reasons why your tunnel is not establishing or traffic is correctly passing over it.
Currently there it only support static crypto map Lan-to-Lan tunnels between IOS, IOS-XE and ASA devices.
If there is a specific feature you would like to see or if you run into problems with the tool please let use know at tool_l2l_checker_feedback@cisco.com
The tool was recently updated, here is an example of the output generated:
Here is an example of the older version:
amazing tool
thanks !!!
Hey Jay,
Link directs to a "Page not found" section . Any updated links?
Thanks for the heads up. I am having the IT group look into it. Once we get it working again it will still be at the same link.
-Jay
Do we need a service contract to access this tool?
Helios999,
You shouldn't need one at this time, this may change however. You will need a CCO account though.
-Jay
Helios999,
I just double checked. It is required to have an active contract.
-Jay
I have an active contract on ASA, but i can't use that tool.
What i've missing?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: