On the ASA / router run:
config t
monitor logging 7 // This allows you to see the output on vty lines e.g. telnet / SSH sessions
debug crypto isakmp 127
debug crypto ipsec 127
We can also filter the logging to a specific VPN peer e.g.:
debug crypto condition peer 1.1.1.1
If you are not seeing any expected output verify whether syslog is turned on with:
show logging
If it is you can use ADSM under Monitoring >> Logging to view / filter etc. the logs.
To help debug any VPN issues you can also use the following command to troubleshoot ISAKMP:
show isakmp sa
show ipsec sa
and
show isakmp sa detail
0 comments:
Post a Comment