This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
the_rock
MVP Gold
MVP Gold
‎2023-08-21 06:40 AM
In response to weiwei

K, lets start with the basics here. What do you see for phase 1 and 2? What about the other end? Its been a while since I worked on Cisco ASA, but I know you can check the status from ASDM, as well as ssh

I attached a file with some commands guy I used to work with gave me (he worked for Cisco TAC in India)

On CP side, you can run vpn tu and check ike and ipsec state, as well as vpn tu tlist -p ex_cisco_ip, so say vpn tu tlist -p 1.2.3.4

Also, on cp end, you can run below basic debugs:

vpn debug trunc

vpn debug ikeon

-generate traffic

-wait little bit, then run vpn debug ikeoff

get ike.elg and vpnd.elg from $FWDIR/log

examine and see if anything interesting

Hope that helps.

Andy

Best,
Andy
Preview file
4 KB
0 Kudos
(1)
Who rated this post