Solved: Lan 2 Lan Ipsec Debug commands

Hawk · ‎11-12-2018

Does anyone recommend any troubleshooting steps for establishing a tunnel with a remote peer? I do not have admin control of the other side. I expect things to work but would like to see specifically how experienced admins are troubleshooting phase 1 & phase 2 connections?

mkazam001 · ‎11-12-2018

in addition to previous cmds:

sh crypto isakmp sa detail
sh crypto ipsec sa peer peer-ip
sh vpn-sessiondb l2l
sh vpn-sessiondb l2l [filter name x.x.x.x]

clear crypto ikev1 sa peer peer-ip bounce tunnel phase 1
clear crypto ipsec sa peer peer-ip bounce tunnel for phase 2

debug crypto ikev1 130 | ipsec 130

regards, mk

View solution in original post

Rob Ingram · ‎11-12-2018

Hi,

IKEv1:
debug crypto condition peer X.X.X.X
debug crypto ikev1 200

IKEv2:
debug crypto condition peer 3.3.3.1
debug crypto ikev2 platform 100
debug crypto ikev2 protocol 127

Confirm IKE/IPSec SAs:-
show crypto ikev2|ikev1 sa
show crypto ipsec sa

balaji.bandi · ‎11-12-2018

good place to start with more explanations :

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mkazam001 · ‎11-12-2018

in addition to previous cmds:

sh crypto isakmp sa detail
sh crypto ipsec sa peer peer-ip
sh vpn-sessiondb l2l
sh vpn-sessiondb l2l [filter name x.x.x.x]

clear crypto ikev1 sa peer peer-ip bounce tunnel phase 1
clear crypto ipsec sa peer peer-ip bounce tunnel for phase 2

debug crypto ikev1 130 | ipsec 130

regards, mk