Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1518
Views
0
Helpful
5
Replies

VPN debug commands

Andy White
Level 3
Level 3

‎10-06-2011 02:55 AM

Hello,

I have about 30 site-to-site VPN's going through our ASA 5520, sometimes I need to know about issues with phase 1 and especially phase 2 of a VPN were a remote site hasnt added the correct subent for example.  What commands can I use from the CLI, because when I do "debug crypto isakmp 7" or "debug crypto ipsec 7" I get too much information from other VPN's, can I narrow the debugs down to just the peer IP?

Thanks

Labels:
0 Helpful
5 Replies 5

Jennifer Halim
Cisco Employee
Cisco Employee

‎10-06-2011 03:52 AM

Yes you can..

Here is the command to debug on specific peer:

debug crypto condition peer address

Command reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/d1.html#wp2106282

0 Helpful

Andy White
Level 3
Level 3
In response to Jennifer Halim

‎10-06-2011 04:11 AM

Thanks, and is there a command to show all VPN's in brief?

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to Andy White

‎10-06-2011 04:15 AM

Yes, "show vpn-sessiondb" and you can choose which keyword after that as there is a few that you can choose from.

Here is the command reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/s7.html#wp1333764

0 Helpful

Andy White
Level 3
Level 3
In response to Jennifer Halim

‎10-06-2011 04:19 AM

Sorry I mean is there a view where is will show the peer address and update etc?

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to Andy White

‎10-06-2011 04:28 AM

Sorry, what do you mean by update?

Do you want to see debug output or show output?

0 Helpful
Customers Also Viewed These Support Documents