Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
63813
Views
16
Helpful
1
Replies

How to know Site to Site VPN up or Down st.

ThomasMull9000
Level 1
Level 1

‎02-26-2012 06:47 AM

Hello GENTELMANS

am using cisco asa 5505 , and i created 3 site to site vpns to other companies i wanna now the our configruation is mismaching or completed , so how i know that both phase1 and phase 2 are completed or missing parameters ,

please help

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-26-2012 08:40 AM

Well, aside from traffic passing successfully through the new tunnels, the command:

     show crypto isakmp sa

will show the status of the tunnels (command reference). You should see a status of "mm active" for all active tunnels.

To see details for a particular tunnel, try:

     show vpn-sessiondb l2l

Details on that command usage are here.

If a site-site VPN is not establishing successfully, you can debug it. It's usually useful to narrow down the debug output first with "debug crypto condition peer  " and then turn on debugging level 7 for Ipsec and isakmp:

     debug cry ips 7

     debug cry isa 7 (debug crypto ikev1 or ikev2 on 8.4(1) or later)

Then introduce interesting traffic and watch the output for details. Remember to turn off all debugging when you're done ("no debug all").

Customers Also Viewed These Support Documents