g.harper wrote:
What are some good commands to use when trying to troubleshoot an initial IPSEC site-to-site VPN? I guess I should mention I'm using an ASA5520 v8.04. It would be nice to have something that would tell you whether the management connection was being built or not or where the problems lie.
Thanks,
glh
debug crypto isakmp
debug crypto ipsec
to show the actual setup as it happens - isakmp = Phase1, ipsec = Phase 2. As with all debugging be aware that this will place an extra load on the firewall
sh crypto isakmp sa
sh crypto ipsec sa
to show the status of Phase 1 and Phase
see the command reference for full details of these commands -
ASA 8.0 command reference
Jon