Diagnostic Commands and Tools

The show and debug commands are your friends for troubleshooting IPsec VPN issues on Cisco routers. You can diagnose any problem if you know how to use these commands and interpret their output correctly. This part of the chapter introduces and examines the show and debug commands in detail and tells you how to use them properly.

show Commands

show commands are used to determine the status of the tunnel and the activities relating to the tunnel. These commands display short, concise information about the state of the tunnel. Most of the time, if interpreted properly, the state of the tunnel gives you a first analysis and points your troubleshooting steps in the right direction. For example, if the show crypto isakmp sa command (discussed next) shows that Phase I is not in the QM_IDLE state, then you need only run the debug crypto isakmp command.

show Command for Phase I

To find the state information of Phase I of the IPsec tunnel negotiation, use the following command:

Router# show crypto isakmp sa [detail]
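
The QM_IDLE check described above can be applied to captured command output. The following Python sketch is an added example, not code from the original text or from Cisco; the sample output is constructed with documentation addresses, and the column layout (dst, src, state, conn-id, status) is assumed to be the non-detail form of the command.

```python
import re

# Constructed sample output (documentation addresses), classic IOS column layout.
SAMPLE_OUTPUT = """\
Router# show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
192.0.2.1       198.51.100.10   QM_IDLE           1001 ACTIVE
192.0.2.1       203.0.113.7     MM_KEY_EXCH       1002 ACTIVE
192.0.2.1       203.0.113.99    MM_NO_STATE          0 ACTIVE (deleted)
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
SA_ROW = re.compile(
    rf"^(?P<dst>{IPV4})\s+(?P<src>{IPV4})\s+"
    r"(?P<state>[A-Z]+(?:_[A-Z]+)+)\s+(?P<conn_id>\d+)\s+(?P<status>.+)$"
)

def parse_isakmp_sa(text):
    """Return one dict per SA row; prompt, banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = SA_ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows

def triage(text):
    """Split SAs into (established, not_established) using the QM_IDLE test."""
    sas = parse_isakmp_sa(text)
    established = [sa for sa in sas if sa["state"] == "QM_IDLE"]
    not_established = [sa for sa in sas if sa["state"] != "QM_IDLE"]
    return established, not_established

def next_steps(text):
    """One line of advice per peer, following the rule stated in the text."""
    established, not_established = triage(text)
    if not established and not not_established:
        return ["no Phase I SA listed: Phase I is not in QM_IDLE"]
    steps = [f"{sa['src']} -> {sa['dst']}: Phase I up (QM_IDLE)" for sa in established]
    steps += [
        f"{sa['src']} -> {sa['dst']}: state {sa['state']}, run 'debug crypto isakmp'"
        for sa in not_established
    ]
    return steps

if __name__ == "__main__":
    print("\n".join(next_steps(SAMPLE_OUTPUT)))
```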