Wednesday, February 28, 2007

Router: Debug Crypto Condition command

When a router has more than one VPN peer configured, troubleshooting one problematic crypto peer with debug crypto isakmp and debug crypto ipsec can get you cross-eyed in no time: the debugs fire for every peer at once, and you'll feel like the console is doing a DoS on your brain.

Starting with Cisco IOS Software Release 12.3(2)T, the debug crypto condition command lets you filter crypto debug output down to a specific peer. The filter can be built from several criteria, including peer IP address, SPI, connection ID (connid), flow ID (flowid) and others. Once a condition is set, the router prints only the ISAKMP and IPsec debug messages that match the peer you are troubleshooting; the other peers stay quiet.

For example, define a condition on the peer IP first, then enable the crypto debugs:
debug crypto condition peer ipv4 2.2.2.2
debug crypto isakmp
debug crypto isakmp packet   <--- helpful hidden command
debug crypto ipsec

To see which debug conditions are currently active:
sh crypto debug-condition

Set the condition before you enable the debugs; until the filter is in place you get the full unfiltered flood. When you are done, clear the filters with debug crypto condition reset and stop the debugs with undebug all.
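If the router is too old for debug crypto condition, or someone hands you a raw capture of unfiltered debug output, the same per-peer filtering can be done after the fact. The script below is an added example, not part of the original post and not Cisco IOS code: it keeps the debug crypto isakmp lines that belong to one peer, learning the ISAKMP connection IDs seen next to that peer's address so that later state-machine lines that carry only the connid are kept as well. The sample debug lines are constructed for the example (modeled on the IOS line format, not captured from a real router), and the two regexes are assumptions about that format.

```python
"""Off-box equivalent of "debug crypto condition peer ipv4 <addr>":
filter captured "debug crypto isakmp" output down to one peer.

Added example; not part of the original post or of Cisco IOS.
"""
import ipaddress
import re

# Constructed sample of unfiltered "debug crypto isakmp" output from a router
# talking to two peers (2.2.2.2 and 3.3.3.3). Modeled on the IOS line format;
# not captured from a real device.
SAMPLE_DEBUG = """\
ISAKMP (0): received packet from 2.2.2.2 dport 500 sport 500 Global (N) NEW SA
ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_MM1
ISAKMP (0): received packet from 3.3.3.3 dport 500 sport 500 Global (N) NEW SA
ISAKMP:(1001): sending packet to 2.2.2.2 my_port 500 peer_port 500 (R) MM_SA_SETUP
ISAKMP:(1002): sending packet to 3.3.3.3 my_port 500 peer_port 500 (R) MM_SA_SETUP
ISAKMP:(1001):Old State = IKE_R_MM1  New State = IKE_R_MM2
ISAKMP:(1002):Old State = IKE_R_MM1  New State = IKE_R_MM2
ISAKMP:(1001):Checking ISAKMP transform 1 against priority 10 policy
ISAKMP:(1002): retransmitting phase 1 MM_SA_SETUP...
"""

# Assumed line shapes: "ISAKMP (0): ..." / "ISAKMP:(1001): ..." carry the connid;
# "received packet from X" / "sending packet to X" carry the peer address.
CONNID_RE = re.compile(r"ISAKMP:?\s*\((\d+)\)")
PEER_RE = re.compile(r"\b(?:from|to)\s+(\d{1,3}(?:\.\d{1,3}){3})\b")


def filter_peer_debug(lines, peer, keep_unattributed=False):
    """Return only the lines that belong to `peer`.

    A line is kept if it names the peer's address, or if it carries a
    non-zero connid previously seen on a line that named the peer. Lines with
    neither (connid 0 and no address) cannot be attributed to a peer; they
    are dropped unless keep_unattributed is True.
    """
    target = ipaddress.ip_address(peer)
    peer_connids = set()
    kept = []
    for line in lines:
        conn_match = CONNID_RE.search(line)
        connid = conn_match.group(1) if conn_match else None
        peer_match = PEER_RE.search(line)
        names_peer = (peer_match is not None
                      and ipaddress.ip_address(peer_match.group(1)) == target)
        if names_peer:
            if connid not in (None, "0"):
                peer_connids.add(connid)   # remember this SA's connid
            kept.append(line)
        elif connid in peer_connids:
            kept.append(line)              # connid-only line for a known SA
        elif keep_unattributed and peer_match is None and connid in (None, "0"):
            kept.append(line)              # ambiguous line, kept on request
    return kept


def filter_sample(peer, keep_unattributed=False):
    """Run the filter over the constructed sample for one peer."""
    return filter_peer_debug(SAMPLE_DEBUG.splitlines(), peer, keep_unattributed)


if __name__ == "__main__":
    for line in filter_sample("2.2.2.2"):
        print(line)
```

Because the capture is interleaved, the script can only attribute a connid to a peer from the first line that shows both together; lines from before that point with just the connid, and connid-0 lines with no address, are the ambiguous ones the keep_unattributed flag controls. The on-box filter tracks the SAs directly and does not have this gap, which is why debug crypto condition is the better tool when the IOS release supports it.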
