Solved: debug crypto isakmp

communication.boy · ‎06-24-2011

I have a router which has around 20 Site to Site VPN sessions . The problem is only with one of the VPN session and I want to debug it . If i turn the debug of isakmp I will surely get all the debug messages of all VPN ( phase 1 ) . If I make an acl which says permit udp source destination eq 500 , and then put this in the debug ip packet command will I be able to achieve my result ?

Kelvin Willacey · ‎06-24-2011

Yes that should work as I have done it before with the chattiest of all debugs, debug ip packet, so you should be fine.

View solution in original post

Todd Pula · ‎06-24-2011

Depending on the version of code on your router, you can also try to configure a conditional filter for your crypto debugs so that you can focus on a particular peer IP address.

debug crypto condition peer ipv4 x.x.x.x

deb cry isa

deb cry ipsec

sh crypto debug-condition

Todd