Solved: Is there anyway to see VPN logs on ASA5516X?

rweir0001 · ‎06-15-2016

Hi,

I have an ASA5516X running Cisco Adaptive Security Appliance Software Version 9.5(2)10. I have a VPN tunnel that is frequently dropping and coming back up, but the configurations match on both sides of the tunnel. Is there anyway to checks logs on the ASA to see why this tunnel is dropping. I can find all sort of different crypto stats, but none of that information is really all that clear. Is there an easy way to view what's happening with the VPN, or is this going to involve running captures?

Rick

Jimmy Gerardo Campos Cortes · ‎06-15-2016

Hello Rick,

You can indeed view the logs on your ASA, you can use the following commands:

> debug crypto condition peer x.x.x.x (peer IP address to condition the debugging)

> debug crypto isakmp 200

This will give you details of what is going on with the tunnel.

I hope you find this information useful.

Regards.

Jimmy C

View solution in original post

Aditya Ganjoo · ‎06-15-2016

Hi Rick,

You can use the following configuration as well :

logging enable

logging list MyLog level debugging class vpn
logging list MyLog level debugging class vpnc
logging monitor informational
logging buffered debugging
logging trap MyLoglogging host inside 10.2.10.70

logging host <interface name> <Syslog server IP>

Regards,

Aditya

Please rate helpful posts and mark correct answers.