Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
651
Views
0
Helpful
6
Replies

Definitive IPSec troubleshooting document?

drumrb0y
Level 1
Level 1

‎03-21-2005 07:17 PM - edited ‎02-21-2020 01:40 PM

As the NW Admin over a PIX 535, a VPN 3030, about twenty 1700 VPN routers and about 35 VPN Client users, I'm constantly in need of IPSec troubleshooting guidance; considering that I have virtually zero formal training on the technology, I'm in a bind when there are circumstances that won't allow for days of research through the zillions of Cisco Tech. documents here.

What I could really use is a troubleshooting or command reference for troubleshooting IPSec/isakmp negotiation in IOS 12.3 or for PIX 6.4 - I lack the command knowledge to properly troubleshoot failed negotiations and need a guide to help with command syntax for tweaking the configs on the PIX, VPN3030 or 1700 routers.

Suggestions on where to look - either here in the Cisco Documentation or elsewhere?

Thanks,

Marc

Labels:
0 Helpful
6 Replies 6

umedryk
Level 5
Level 5

‎03-28-2005 06:57 AM

you can get the troubleshooting documents on the Cisco.com, click on left side "technology support and documentation", click on product support, security and vpn, choose appropriate box and select the troubleshooting documents.

0 Helpful

drumrb0y
Level 1
Level 1
In response to umedryk

‎03-28-2005 01:31 PM

Thanks for the direction, but I'm in need of a document that lists the IOS and/or PIX commands used to troubleshoot an IPsec VPN tunnel and the traffic routed across it.

I find documents every day that contain one, two, or several 'show' commands, but it's difficult to find one that describes what to look for within the output that would indicate failure of that phase to complete, and what to do about it should it fail at that phase; most references that I've seen either display the proper config, display the output of 'show' commands with a running tunnel, or mention something about "contact the IPSec administrator" - which would be me!

I know that every Cisco device runs a different flavor of IOS, thus each device will have a different procedure to troubleshoot IPSec negotiation (which is an entirely different beef of which I have no time or space to get into further...), but ideally, there should be a single reference document to abstractly troubleshoot IPSec/VPN connections and a step-by-step procedure to correct Phase I, Phase II failure, or VPN routing failure, regardless of the hardware of the situation.

Imagine how many Forum threads would be closed out by combining all of the PIX-PIX/3030-PIX/7200-7200/1700-PIX/7200-1700/3600-7200/PIX-7200/3030-3030/6500-7200/1700-6500/PIX-3600/1700-3600 IPSec troubleshooting into a single document...

Am I just failing to find the right document...or is that just wishful thinking?

Marc

0 Helpful

peter.humphreys
Level 1
Level 1
In response to drumrb0y

‎05-31-2005 04:55 AM

Just browsing the archives and i found your post. this reply is a little late :) but you should look for Troubleshooting Virtual Private Networks written by Cisco Press. I just got this book and it is really good for ipsec troubleshooting.

0 Helpful

Not applicable
In response to drumrb0y

‎05-31-2005 06:23 AM

0 Helpful

jmia
Level 7
Level 7
In response to

‎05-31-2005 06:32 AM

Check out Cisco Press, here:

http://www.ciscopress.com/title/1587051044

Hope this helps,

Jay

0 Helpful

drumrb0y
Level 1
Level 1
In response to jmia

‎06-01-2005 05:37 AM

Thanks to both of you gents for that book;

Late is better than never - I'll look into having my supervisor add this to our library; it will certainly be put to use right away!

Marc

0 Helpful
Customers Also Viewed These Support Documents