1. Home
  2. Cisco Systems
  3. debugging failed vpn

debugging failed vpn

Hi All: I'm trying to debug a site-to-site VPN between two PIX 506e that stopped working. It was recommended I run:

sh crypto ipsec sa debug crypto isakmp

The results of the first command are below. The second command didn't return any results. Can someone point me in the direction of where to go next?

Result of firewall command: "sh crypto ipsec sa"

interface: outside Crypto map tag: site2siteVPN, local addr. pix1.external.IP local ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0) remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0) current_peer: pix2.external.IP:0 PERMIT, flags={origin_is_acl,} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0 #send errors 9, #recv errors 0 local crypto endpt.: pix1.external.IP, remote crypto endpt.: pix2.external.IP path mtu 1492, ipsec overhead 0, media mtu 1492 current outbound spi: 0 inbound esp sas: inbound ah sas: inbound pcp sas: outbound esp sas: outbound ah sas: outbound pcp sas: local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) remote ident (addr/mask/prot/port): (10.10.2.0/255.255.255.255/0/0) current_peer: another.external.ip:500 dynamic allocated peer ip: 10.10.2.0 PERMIT, flags={} #pkts encaps: 1169, #pkts encrypt: 1169, #pkts digest 1169 #pkts decaps: 861, #pkts decrypt: 861, #pkts verify 861 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0 #send errors 0, #recv errors 0 local crypto endpt.: pix1.external.IP, remote crypto endpt.:

68.161.247.47 path mtu 1492, ipsec overhead 56, media mtu 1492 current outbound spi: 23b0bb94 inbound esp sas: spi: 0xdad0fffc(3671130108) transform: esp-3des esp-md5-hmac , in use settings ={Tunnel, } slot: 0, conn id: 3, crypto map: site2siteVPN sa timing: remaining key lifetime (k/sec): (4607926/28537) IV size: 8 bytes replay detection support: Y inbound ah sas: inbound pcp sas: outbound esp sas: spi: 0x23b0bb94(598784916) transform: esp-3des esp-md5-hmac , in use settings ={Tunnel, } slot: 0, conn id: 4, crypto map: site2siteVPN sa timing: remaining key lifetime (k/sec): (4607825/28537) IV size: 8 bytes replay detection support: Y outbound ah sas: outbound pcp sas:
Reply to
cisco
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.