Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
18649
Views
0
Helpful
3
Replies

Debug commands for IPsec VPN

Go to solution
abob21
Level 1
Level 1

‎07-11-2017 02:30 AM - edited ‎02-21-2020 09:21 PM

Hi All,

I would like to monitor Ipsec VPN tunnel logs because having intermittent connection loss to remote host.

May I know below debug commands are safe to run on prod router, any performance impacted? or If you have any better solution please suggest.

  • debug crypto ipsec
  • debug crypto isakmp
  • debug crypt engine

Thanks in advance!

Bob

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee

‎07-11-2017 02:42 AM

Hi Bob,

If there are multiple tunnels then i would not recommend to use these debugs as it would spike the CPU usage on the device.

You can turn on conditional debugging using the command:

debug cry condition peer <>

Regards,

Aditya

View solution in original post

0 Helpful

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to abob21

‎07-11-2017 08:33 PM

Hi Bob,

Thanks a lot.

Please mark it as a solution if it has answered your query.

Regards,

Aditya

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee

‎07-11-2017 02:42 AM

Hi Bob,

If there are multiple tunnels then i would not recommend to use these debugs as it would spike the CPU usage on the device.

You can turn on conditional debugging using the command:

debug cry condition peer <>

Regards,

Aditya

0 Helpful

Go to solution
abob21
Level 1
Level 1
In response to Aditya Ganjoo

‎07-11-2017 06:18 PM

Hi Aditya,

Thank for your reply. Currently just one tunnel using but soon to have multiple tunnels.

I will try conditional debug command. 

Regards,

Bob

0 Helpful

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to abob21

‎07-11-2017 08:33 PM

Hi Bob,

Thanks a lot.

Please mark it as a solution if it has answered your query.

Regards,

Aditya

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents