12-19-2015 09:17 PM
HI,
I configure the 10 Ipsec site to site tunnel's, when i configure the 11th tunnel phase 1 not establishing, I want debug the 11th isakmp packet, how debug the only for that particular tunnel isakmp packets
Solved! Go to Solution.
12-20-2015 10:17 AM
Hi,
You can use the following command to filter the debugs only for one specific tunnel, either phase 1 or 2:
debug crypto condition peer 1.1.1.1 (peer IPaddress)
the above command shows debugs only for that specific peer (tunnel), then you enable the regular commands:
debug crypto isakmp 150 > for phase 1 on ASA version 8.2
debug crypto ikev1 150 > for phase 1 on ASA version 8.3 later
debug crypto ipsec 150 > for phase 2 either on ASA 8.2 or later
then in order to disable the debug for one peer only use:
debug crypto condition reset
un all
I hope this helps!
12-20-2015 10:17 AM
Hi,
You can use the following command to filter the debugs only for one specific tunnel, either phase 1 or 2:
debug crypto condition peer 1.1.1.1 (peer IPaddress)
the above command shows debugs only for that specific peer (tunnel), then you enable the regular commands:
debug crypto isakmp 150 > for phase 1 on ASA version 8.2
debug crypto ikev1 150 > for phase 1 on ASA version 8.3 later
debug crypto ipsec 150 > for phase 2 either on ASA 8.2 or later
then in order to disable the debug for one peer only use:
debug crypto condition reset
un all
I hope this helps!
12-20-2015 10:53 AM
Perhaps there is no need to debug. Which ASA are you running? If it's a 5505 Base, then the device will only support 10 VPNs.
12-20-2015 11:18 AM
Thanks for Replay, Just need to know, How debug the phase 1 packet for particular tunnel within that 10 tunnels.
12-20-2015 11:21 AM
Thanks acalvonu,
We can debug the for particular tunnel with the command which you post in above message.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: