Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1080
Views
0
Helpful
1
Replies

VPN debugging output not showing on ASA

ibalvan
Level 1
Level 1

‎03-09-2020 08:15 AM

Hello to all!

 

I've noticed on couple of ASA 5506 boxes that after I turn on VPN debugging (debug crypto ikev1 127, or debug crypto ipsec 127, for example) erratic behavior starts to happen. Sometimes I get a lot of info, sometimes few lines but most of the times nothing! I'm referencing to SSH connections to ASAs, but everything is mirrored in ASDM. I've tried to fix it with TAC assistance but to no avail. Now I wonder am I alone in this, or did any of you have similar issues, and did you somehow manage to fix them?

 

Kind regards,

 

Igor

Labels:
0 Helpful
1 Reply 1

Sheraz.Salim
VIP
VIP

‎03-09-2020 10:22 AM - edited ‎03-09-2020 10:23 AM

get debug logs on SSH session is not a good practice. why dont you config a buffered logging and get logs from the buffered.

here the commands

!

logging buffered debugging
logging buffer-size 7665554

!

debug crypto condition peer x.x.x.x

debug crypto ikev1 127

debug crypto ipsec 127

 

this is the safest way if you dont have access to console the ASA.

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents