08-10-2019 05:59 AM - edited 02-21-2020 09:43 PM
How do I check for flapping on VTI IPsec tunnels to one of my peers, in FMC or the CLI? If we can check in FMC, do let me know.
08-10-2019 10:22 AM
Hi,
VTI tunnels are not supported on FTD. If you mean how to verify status on FMC & FTD:
FMC has a dashboard. However, this shows only AnyConnect according to the below document. There is no GUI for IPsec AFAIK.
FTD
====
You need to log in to LINA.
> system support diagnostic-cli
#
Once the mode is changed, you are in LINA; it's the same as the ASA terminal. You can use the below commands to view:
show crypto ikev1 sa (for IKEv2, change it to ikev2 instead of ikev1)
show crypto ipsec sa peer x.x.x.x detail
To troubleshoot the issue:
debug crypto condition peer x.x.x.x (If you have multiple VPNs, it's preferred to use a condition to avoid debugs of other peers)
debug crypto ikev1 127
debug crypto ipsec 127
Hope this helps.
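As an added example that is not part of the original thread: the show commands above give a point-in-time view, so one way to confirm flapping per peer is to count IPsec SA teardowns in collected LINA syslog. The sketch assumes messages 602303 (SA created) and 602304 (SA deleted) are being logged with timestamps; the sample lines are constructed, and the threshold and window are hypothetical values to tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample modelled on ASA/LINA syslog 602303 (SA created) and
# 602304 (SA deleted); addresses are documentation ranges, SPIs are made up.
SAMPLE_LOG = """\
Aug 10 2019 05:00:00: %ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x0000B001) between 192.0.2.1 and 203.0.113.9 (user= 203.0.113.9) has been created.
Aug 10 2019 05:40:01: %ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x0000A001) between 192.0.2.1 and 198.51.100.7 (user= 198.51.100.7) has been created.
Aug 10 2019 05:41:10: %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x0000A001) between 192.0.2.1 and 198.51.100.7 (user= 198.51.100.7) has been deleted.
Aug 10 2019 05:41:40: %ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x0000A002) between 192.0.2.1 and 198.51.100.7 (user= 198.51.100.7) has been created.
Aug 10 2019 05:44:05: %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x0000A002) between 192.0.2.1 and 198.51.100.7 (user= 198.51.100.7) has been deleted.
Aug 10 2019 05:44:30: %ASA-6-602303: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x0000A003) between 192.0.2.1 and 198.51.100.7 (user= 198.51.100.7) has been created.
Aug 10 2019 05:47:12: %ASA-6-602304: IPSEC: An inbound LAN-to-LAN SA (SPI= 0x0000A0F3) between 192.0.2.1 and 198.51.100.7 (user= 198.51.100.7) has been deleted.
Aug 10 2019 05:47:12: %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x0000A003) between 192.0.2.1 and 198.51.100.7 (user= 198.51.100.7) has been deleted.
Aug 10 2019 05:50:00: %ASA-6-602304: IPSEC: An outbound LAN-to-LAN SA (SPI= 0x0000B001) between 192.0.2.1 and 203.0.113.9 (user= 203.0.113.9) has been deleted.
"""

# Assumption: the second address in "between A and B" is the remote peer.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-\d-(?P<id>60230[34]): IPSEC: "
    r"An (?P<dir>inbound|outbound) .*? between \S+ and (?P<peer>\S+) ")

def sa_deletions(text):
    """Map peer -> sorted times of outbound SA deletions (one per teardown)."""
    times = defaultdict(list)
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        # Count only outbound 602304 so an inbound/outbound pair is one event.
        if m and m["id"] == "602304" and m["dir"] == "outbound":
            times[m["peer"]].append(datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"))
    return {peer: sorted(ts) for peer, ts in times.items()}

def flapping_peers(text, threshold=3, window=timedelta(minutes=10)):
    """Peers with >= threshold teardowns inside any sliding window.
    Keep the window well below the SA lifetime so normal rekeys do not count."""
    result = {}
    for peer, ts in sa_deletions(text).items():
        start = best = 0
        for end, t in enumerate(ts):
            while t - ts[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            result[peer] = best
    return result

if __name__ == "__main__":
    print(flapping_peers(SAMPLE_LOG))
```

A peer flagged here is the one to pass to `debug crypto condition peer` before enabling the IKE and IPsec debugs.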
08-10-2019 06:44 AM