ASA IPsec VPN debug troubleshooting commands
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2018 12:50 AM - edited 03-12-2019 05:04 AM
In our network infrastructure, there are 11 IPsec site-to-site vpn tunnel configured in ASA firewall, of which one of the tunnel is not getting established.
Please share the debug troubleshooting commands, specific to that IPSec tunnel without impacting ASA performances in production environment.
- Labels:
-
Other VPN Topics
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2018 05:45 AM
Hi
Issue the command "show crypto isakmp sa"
Share the output please.
-If I helped you somehow, please, rate it as useful.-
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2018 01:19 PM
Hi,
You can enable the debugging for that specific peer only.
Commands:
IKEv1:
debug crypto condition peer X.X.X.X
debug crypto ikev1 200
IKEv2:
debug crypto condition peer X.X.X.X
debug crypto ikev2 platform 100
debug crypto ikev2 protocol 100
Rate if it helps.
Regards,
Josue Brenes
TAC - VPN Engineer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-06-2018 04:45 PM
Thanks, now the tunnel is up.
