
Objectives

The VPN Debug Log feature enables you to capture Cisco IOS debug information while troubleshooting a VPN issue for the UC500 platform and SR500 Series secure routers. You can also use this tool to gather VPN configuration and status data. The information is collected in text log files and bundled into a .zip archive file.

This document describes how to troubleshoot VPN issues by logging VPN debugs on Cisco Unified Communications UC500 Series devices.

Applicable Devices

• UC500 Series Devices

Software Version

• 8.6.1 [ Firmware version ]
• 15.1(4)M4b-ADV-IP-SERV-CRYPTO [ IOS Version- UC560 ]
• 15.1(4)M5-ADV-IP-SERV-CRYPTO [ IOS Version- UC540 ]
• 3.2(3) [ Cisco Configuration Assistant ]

Troubleshooting VPN by Logging VPN Debugs

Step 1. In the Cisco Configuration Assistant (CCA), choose Troubleshoot > Security Diagnostics > VPN Debug Log. The VPN Debug Log page opens.

Step 2. Choose the device from the Hostname drop-down list.

Enabling Debug and Collecting Both the Troubleshooting Log and VPN Debug Data

Step 1. In the VPN Debug Log window, click Browse and choose a log file directory. Choose the type of VPN debug data to collect. The available options are:

• EZVPN — Choose this option if all traffic between two client branch sites and headquarters passes through a Virtual Private Network (VPN) of IP Security (IPsec) encrypted tunnels.

• Site-to-site VPN (IPsec) — Internet Protocol Security (IPsec) is a protocol suite for securing IP communications by authenticating and encrypting each IP packet of a communication session.

• SSL VPN (Clientless) — Clientless SSL VPN, also called WebVPN, allows a user to securely access resources on the corporate LAN from anywhere with an SSL-enabled web browser.

• SSL VPN (Full Tunnel) — SSL VPN Client downloads a small client to the remote workstation and allows full, secure access to the resources on the internal corporate network.

Step 2. Choose an ACL (access list) from the drop-down menu or enter a Web VPN user name.

Step 3. Click Apply Debug to begin generating debug information.

Step 4. Click Generate Troubleshooting Log. A .zip file is created in the specified log file directory. This log includes the output of VPN-related show commands and all of the security debug data. A progress bar displays while the log is generated.

Step 5. Click OK to close the window when the log is generated.

Step 6. Turn off (uncheck) all VPN debugging and click OK to close the window. All VPN debugging is disabled automatically when you close the window.

Generating a Troubleshooting Log

Step 1. In the VPN Debug Log window, click Browse and choose a log file directory.

Step 2. Click Generate Troubleshooting Log. You do not have to choose any VPN debug options or enable debugging. A text log file is created in the specified directory; no zip file is created. This log includes the output of firewall and NAT-related show commands. A progress bar displays while the log is generated.

Step 3. Click OK to close the window when the log is generated.
