Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
542
Views
5
Helpful
2
Replies

VPN debug

Alex Sykes
Level 1
Level 1

‎05-08-2013 05:31 AM

Hi all,

Can you tell me if there's any way of narrowing down a degub for a peer address only?  For example, I currently run '

debug crypto isakmp 127' which captures everything, but can I run the same debug for peer address 1.1.1.1?

I know you can run 'sh crypto ipsec sa peer 1.1.1.1'.

We're using an ASA5520 (8.4.2).

Many thanks

Alex


Labels:
0 Helpful
2 Replies 2

Dinesh Moudgil
Cisco Employee
Cisco Employee

‎05-08-2013 05:43 AM

Hi Alex ,

You can use conditional debug for a specific peer in this case.

That is for the peer X.X.X.X, you can issue the following command to see debugging output related only to that peer.

You issue this following command before you start debugging.

debug crypto condition peer X.X.X.X

After that , you can start the debugging as usual by issuing "debug crypto isakmp 200" command.

FYI :

This same conditional command can be used to do filtering based on other parameters such as group name , IPsec SPI , user name and few others.

Thanks,

Dinesh Moudgil

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Alex Sykes
Level 1
Level 1
In response to Dinesh Moudgil

‎05-08-2013 05:55 AM

Hi Dinesh,

Many thanks for your very quick answer.

It was exactly what I needed.

Kind regards

Alex

0 Helpful
Customers Also Viewed These Support Documents