Solved: How to see peer IDi in IKEv2 debugs on IOS?

tvotna · ‎07-24-2024

Remind me please which IOS debug prints peer's IKEv2 IDi. I got tired troubleshooting "IKEv2-ERROR:% IKEv2 profile not found".

ccieexpert · ‎07-25-2024

the default debug seems to show it to me

outer-20#

router-20#debug crypto ikev2
IKEv2 default debugging is on

Jul 26 02:57:21.474: IKEv2:(SA ID = 1):Stopping timer to wait for auth message
*Jul 26 02:57:21.474: IKEv2:(SA ID = 1):Checking NAT discovery
*Jul 26 02:57:21.474: IKEv2:(SA ID = 1):NAT not found
*Jul 26 02:57:21.474: IKEv2:(SA ID = 1):Searching policy based on peer's identity '198.18.133.100' of type 'IPv4 address'
*Jul 26 02:57:21.474: IKEv2:found matching IKEv2 profile 'IKEV2_PROFILE'
*Jul 26 02:57:21.474: IKEv2:% Getting preshared key from profile keyring KEYRING
*Jul 26 02:57:21.474: IKEv2:% Matched peer block 'ALL'

what version are you running ?

View solution in original post

ccieexpert · ‎07-25-2024

the default debug seems to show it to me

outer-20#

router-20#debug crypto ikev2
IKEv2 default debugging is on

Jul 26 02:57:21.474: IKEv2:(SA ID = 1):Stopping timer to wait for auth message
*Jul 26 02:57:21.474: IKEv2:(SA ID = 1):Checking NAT discovery
*Jul 26 02:57:21.474: IKEv2:(SA ID = 1):NAT not found
*Jul 26 02:57:21.474: IKEv2:(SA ID = 1):Searching policy based on peer's identity '198.18.133.100' of type 'IPv4 address'
*Jul 26 02:57:21.474: IKEv2:found matching IKEv2 profile 'IKEV2_PROFILE'
*Jul 26 02:57:21.474: IKEv2:% Getting preshared key from profile keyring KEYRING
*Jul 26 02:57:21.474: IKEv2:% Matched peer block 'ALL'

what version are you running ?

tvotna · ‎07-29-2024

Right. Looks like the guy who sent me debugs enabled "error", "packet" and "detail" debugs, but forgot to enable "debug crypto ikev2".