02-19-2015 11:37 AM
I heard in a video course that there is a technique to cut a VPN and connect again.
How do I do this?
If I want to capture the Diffie-Hellman exchange and try my own decryption algorithm for the key, how do I do that?
02-20-2015 12:54 PM
To kill an existing tunnel, you can use the clear command.
Phase one clear:
clear crypto isakmp sa peer 1.1.1.1
Phase two clear:
clear crypto ipsec sa peer 1.1.1.1
To see the connection establishment:
debug crypto isakmp sa 7
debug crypto ipsec sa 7
Hope this helps.
Thanks
02-21-2015 07:19 AM
Hi,
Can you be a little more elaborate about cutting the VPN tunnel? Are you referring to 'intercepting' the packets? Or, to disconnect an existing tunnel? Or, to simply check the debugs?
For 2, the commands are different on router and ASA. On router:
clear crypto sa peer <a.b.c.d> (to clear phase 2 SA)
clear crypto isakmp <conn id> (to clear phase 1 SA)
On ASA:
clear crypto ipsec sa peer <a.b.c.d> (to clear phase 2 SA)
clear crypto isakmp sa (to clear phase 1 SA) ---> No option to clear the ISAKMP SA for a particular peer using this command.
For 3, you can use conditional debugs. On ASA:
debug crypto condition peer <a.b.c.d>
debug crypto isakmp 128
debug crypto ipsec 128
On router:
debug crypto condition peer ipv4 <a.b.c.d>
debug crypto isakmp
debug crypto ipsec
Hope this helps.