12-19-2015 09:17 PM
HI,
I configure the 10 Ipsec site to site tunnel's, when i configure the 11th tunnel phase 1 not establishing, I want debug the 11th isakmp packet, how debug the only for that particular tunnel isakmp packets
Solved! Go to Solution.
12-20-2015 10:17 AM
Hi,
You can use the following command to filter the debugs only for one specific tunnel, either phase 1 or 2:
debug crypto condition peer 1.1.1.1 (peer IPaddress)
the above command shows debugs only for that specific peer (tunnel), then you enable the regular commands:
debug crypto isakmp 150 > for phase 1 on ASA version 8.2
debug crypto ikev1 150 > for phase 1 on ASA version 8.3 later
debug crypto ipsec 150 > for phase 2 either on ASA 8.2 or later
then in order to disable the debug for one peer only use:
debug crypto condition reset
un all
I hope this helps!
12-20-2015 10:17 AM
Hi,
You can use the following command to filter the debugs only for one specific tunnel, either phase 1 or 2:
debug crypto condition peer 1.1.1.1 (peer IPaddress)
the above command shows debugs only for that specific peer (tunnel), then you enable the regular commands:
debug crypto isakmp 150 > for phase 1 on ASA version 8.2
debug crypto ikev1 150 > for phase 1 on ASA version 8.3 later
debug crypto ipsec 150 > for phase 2 either on ASA 8.2 or later
then in order to disable the debug for one peer only use:
debug crypto condition reset
un all
I hope this helps!
12-20-2015 10:53 AM
Perhaps there is no need to debug. Which ASA are you running? If it's a 5505 Base, then the device will only support 10 VPNs.
12-20-2015 11:18 AM
Thanks for Replay, Just need to know, How debug the phase 1 packet for particular tunnel within that 10 tunnels.
12-20-2015 11:21 AM
Thanks acalvonu,
We can debug the for particular tunnel with the command which you post in above message.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide