Olpeleri,

thanks for the clarifictaion.

Shoudl I keep debug crypto isakmp sa forever?

Can you provide some typical debug lines?

Is it normal to keep debugs always up on a production router ?

Thanks

The only reactive place where we keep information is in the flowmib

R100#sh crypto mib ike flowmib failure 

vrf Global

  Index:                       1                     

  Reason:                      Operator request             

  Failure time since reset:    00:04:12

  Local type:                  ID_IPV4_ADDR       

  Local Address:               10.10.10.254

  Local  value:                10.10.10.254

  Remote type:                 ID_IPV4_ADDR       

  Remote Address:              10.10.10.6

  Remote Value:                10.10.10.6

  Index:                       2                     

  Reason:                      Peer delete request          

  Failure time since reset:    00:05:52

  Local type:                  ID_IPV4_ADDR       

  Local Address:               10.10.10.254

  Local  value:                10.10.10.254

  Remote type:                 ID_IPV4_ADDR       

  Remote Address:              10.10.10.6

  Remote Value:                10.10.10.6

R100#sh crypto mib ipsec flowmib failure 

vrf Global

  Index:                       1                     

  Reason:                      Operation request            

  Failure time since reset:    00:04:11

  Src address:                 10.10.10.254

  Destination address:         10.10.10.6

  Index:                       2                     

  Reason:                      Peer delete request          

  Failure time since reset:    00:05:52

  Src address:                 10.10.10.254

  Destination address:         10.10.10.6