Misc Troubleshooting

Here are some nice troubleshooting tips:

Tear down IPSEC tunnel: clear ipsec sa

  • clear crypto ipsec sa — This command resets the IPsec SAs after failed attempts to negotiate a VPN tunnel.

  • clear crypto isakmp sa — This command resets the ISAKMP SAs after failed attempts to negotiate a VPN tunnel.

    Capture packets on interface:

          capture CAPTURENAME access-list ACCESSLISTNAME interface INSIDE/OUTSIDE

    Check hits on access-lists: sh access-list

    Use more system:running-config to be able to read and verify the pre-shared keys in clear text.

    Links

    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00807f2d37.shtml

  • Leave a Reply