Here are some nice troubleshooting tips:
Tear down IPSEC tunnel: clear ipsec sa
clear crypto ipsec sa — This command resets the IPsec SAs after failed attempts to negotiate a VPN tunnel.
clear crypto isakmp sa — This command resets the ISAKMP SAs after failed attempts to negotiate a VPN tunnel.
Capture packets on interface:
capture CAPTURENAME access-list ACCESSLISTNAME interface INSIDE/OUTSIDE
Check hits on access-lists: sh access-list
Use more system:running-config to be able to read and verify the pre-shared keys in clear text.
Links
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00807f2d37.shtml
Leave a Reply