Solved: debug crypto isakmp question

l8nite4me2 · ‎06-21-2011

When you run the debug crypto isakmp command is there a way to limit the output to only a specific piece of information. Example, I want to only see the debug info for ip address x.x.x.x and no others. Is there a way to do this with the debug command?

Thanks

Loren Kolnes · ‎06-21-2011

Hi,

On the router you can use the "debug crypto condition peer" command

debug crypto condition peer ?

group IKE peer's Unity group name filter

hostname IKE peer FQDN hostname filter

ipv4 IKE peer IP address filter

subnet Range of IKE peer IP address

username IKE peer FQDN username filter

In your case the ipv4 option will limit the debugs to one host.

On the ASA there is a similar command that was release in 8.0(2).

debug crypto condition peer ?

Hostname or A.B.C.D Peer address or hostname

Hostname or X:X:X:X::X Peer IPv6 address or hostname

Let me know if this helps.

Regards,

Loren

View solution in original post

Loren Kolnes · ‎06-21-2011

Hi,

On the router you can use the "debug crypto condition peer" command

debug crypto condition peer ?

group IKE peer's Unity group name filter

hostname IKE peer FQDN hostname filter

ipv4 IKE peer IP address filter

subnet Range of IKE peer IP address

username IKE peer FQDN username filter

In your case the ipv4 option will limit the debugs to one host.

On the ASA there is a similar command that was release in 8.0(2).

debug crypto condition peer ?

Hostname or A.B.C.D Peer address or hostname

Hostname or X:X:X:X::X Peer IPv6 address or hostname

Let me know if this helps.

Regards,

Loren

l8nite4me2 · ‎06-21-2011

Loren,

That is exactly what I was searching for, thanks for the reply.

John

fsebera · ‎06-21-2011

yes, tie the debug command to an ACL.

Your acl should permit just the IP address of the desired host.

EX: debug ip packet detail 1300 - where 1300 is your extended ACL.

Hope this helps!

Frank