Solved: Thanks acalvonu,

rajeshcv49 · ‎12-19-2015

HI,

I configure the 10 Ipsec site to site tunnel's, when i configure the 11th tunnel phase 1 not establishing, I want debug the 11th isakmp packet, how debug the only for that particular tunnel isakmp packets

acalvonu · ‎12-20-2015

Hi,

You can use the following command to filter the debugs only for one specific tunnel, either phase 1 or 2:

debug crypto condition peer 1.1.1.1 (peer IPaddress)

the above command shows debugs only for that specific peer (tunnel), then you enable the regular commands:

debug crypto isakmp 150 > for phase 1 on ASA version 8.2

debug crypto ikev1 150 > for phase 1 on ASA version 8.3 later

debug crypto ipsec 150 > for phase 2 either on ASA 8.2 or later

then in order to disable the debug for one peer only use:

debug crypto condition reset

un all

I hope this helps!

View solution in original post

acalvonu · ‎12-20-2015

Hi,

You can use the following command to filter the debugs only for one specific tunnel, either phase 1 or 2:

debug crypto condition peer 1.1.1.1 (peer IPaddress)

the above command shows debugs only for that specific peer (tunnel), then you enable the regular commands:

debug crypto isakmp 150 > for phase 1 on ASA version 8.2

debug crypto ikev1 150 > for phase 1 on ASA version 8.3 later

debug crypto ipsec 150 > for phase 2 either on ASA 8.2 or later

then in order to disable the debug for one peer only use:

debug crypto condition reset

un all

I hope this helps!

Karsten Iwen · ‎12-20-2015

Perhaps there is no need to debug. Which ASA are you running? If it's a 5505 Base, then the device will only support 10 VPNs.

rajeshcv49 · ‎12-20-2015

Thanks for Replay, Just need to know, How debug the phase 1 packet for particular tunnel within that 10 tunnels.

rajeshcv49 · ‎12-20-2015

Thanks acalvonu,

We can debug the for particular tunnel with the command which you post in above message.

ASA vpn