Check for interesting traffic to initiate tunnel, check crypto ACLs for hit counts
If not, verify Routing (static or RRI)
Verify if IKE SA is up (QM_IDLE) for that peer
If not, verify for matching Pre-shared keys
Verify that the IKE policies (encr, auth, DH) are matching
Verify for matching IKE Identities
Verify if IPSec SAs are up (Inbound and Outbound SPIs)
If not, verify for matching IPSec transform sets
Verify for mirrored crypto ACLs on each side
Verify that the Crypto Map is applied on the right interface
Turn on IKE/IPSec debugs
IPSec Show Commands
To show IKE SA information:
show crypto isakmp sa <vrf> [detail]
show crypto isakmp peer <ip-addr>
To show IPSec SA information:
show crypto ipsec sa [ address | detail | interface | map | peer | vrf ]
To show IKE and IPSec information together:
show crypto session [ fvrf | group | ivrf | username | detail ]
show crypto engine connection active
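
The checklist above can be walked mechanically from the output of show crypto isakmp sa and show crypto ipsec sa. The following is an added example, not part of the original document: the function names are hypothetical, the sample output is constructed in IOS format with documentation addresses, and the final encaps/decaps counter check goes one step beyond the checklist.

```python
import re

# Constructed sample output in IOS format (not captured from a real device).
ISAKMP_SA = """\
dst             src             state          conn-id status
192.0.2.1       198.51.100.2    QM_IDLE           1001 ACTIVE
192.0.2.1       203.0.113.9     MM_NO_STATE          0 ACTIVE (deleted)
"""
IPSEC_SA = """\
   current_peer 198.51.100.2 port 500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 42, #pkts decrypt: 42, #pkts verify: 42
     inbound esp sas:
      spi: 0x1A2B3C4D(439041101)
     outbound esp sas:
      spi: 0x5E6F7081(1584361601)
"""

def ike_state(isakmp_out, peer):
    """State column of the IKE SA whose dst or src is peer, else None."""
    for line in isakmp_out.splitlines():
        f = line.split()
        if len(f) >= 3 and peer in f[:2]:
            return f[2]
    return None

def ipsec_sa(ipsec_out, peer):
    """(ESP SPIs per direction, encaps/decaps counters) for peer, else None."""
    m = re.search(rf"current_peer {re.escape(peer)}\b(.*?)(?=current_peer|\Z)",
                  ipsec_out, re.S)
    if not m:
        return None
    spis = {d: re.findall(rf"{d} esp sas:\s*\n\s*spi: (0x[0-9A-Fa-f]+)", m.group(1))
            for d in ("inbound", "outbound")}
    pkts = {k: int(v) for k, v in re.findall(r"#pkts (encaps|decaps): (\d+)", m.group(1))}
    return spis, pkts

def triage(isakmp_out, ipsec_out, peer):
    """Map show output to the next step of the checklist (hypothetical helper)."""
    state = ike_state(isakmp_out, peer)
    if state is None:
        return "no IKE SA: check interesting traffic, crypto ACL hit counts, routing"
    if state != "QM_IDLE":
        return f"IKE SA in {state}: check pre-shared keys, IKE policies, IKE identities"
    sa = ipsec_sa(ipsec_out, peer)
    if not sa or not (sa[0]["inbound"] and sa[0]["outbound"]):
        return "no IPSec SAs: check transform sets, mirrored crypto ACLs, crypto map interface"
    if not sa[1].get("encaps") or not sa[1].get("decaps"):
        return "SAs up, counters one-sided: check routing and crypto ACLs on both ends"
    return "IKE and IPSec SAs up, traffic in both directions"
```

In the constructed sample, peer 198.51.100.2 has both SAs up but zero encaps, which points at local routing or the local crypto ACL rather than at IKE.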