Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
118
Views
0
Helpful
3
Replies

VPN troubleshooting setup guide

Ramprasad2
Level 1
Level 1

‎08-08-2024 01:43 AM

can you share troubleshooting command
how to troubleshooting
1 if phase 1 tunnel not up
2 if phase 2 tunnel not up
3 when phase 1 and phase2 tunnel up but traffic not pass

can you share document link VPN troubleshooting guide step by step

 

Labels:
0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎08-08-2024 02:54 AM

What ike ver. You run?

MHM

0 Helpful

Ramprasad2
Level 1
Level 1
In response to MHM Cisco World

‎08-08-2024 04:05 AM

ike2

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Ramprasad2

‎08-08-2024 02:36 PM

we agree about you need to use policy based VPN between FTD and meraki. 
Now 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115935-asa-ikev2-debugs.html

command to check PhaseI/II of IKEv2 in FTD same as that in ASA 

additional you can run 
packet tracer in FTD to see in which step the FTD drop packets 

in your OP you mention that IKEv2 is UP but traffic not pass so check two points here 
1- NAT exemption 
2- if you not use  sysopt connection permit-vpn then you need to add two ACP,
A- from IN -> OUT for traffic from Local to Remote LAN 
B- from OUT-> IN for traffic from Remote LAN to Local LAN 

MHM

0 Helpful
Customers Also Viewed These Support Documents