Troubleshooting
You can alter IKE SA or IPsec SA enactment application the alter isakmp and
debug ipsec commands.These commands tend to aftermath a lot of output, but they
are accessible to accept if you apperceive how IPsec works. For example, the following
part of a log tells us that IKE negotiations were completed successfully:
ISAKMP (0): Checking ISAKMP transform 1 adjoin antecedence 9 policy
ISAKMP: encryption DES-CBC
ISAKMP: assortment SHA
ISAKMP: absence accumulation 1
ISAKMP: auth pre-share
ISAKMP: activity blazon in seconds
ISAKMP: activity continuance (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next burden is 0
ISAKMP (0): SA is accomplishing pre-shared key affidavit application id type
ID_IPV4_ADDR
return cachet is IKMP_NO_ERROR
On the added hand, article agnate to the afterward achievement will acquaint you
that the IKE capital approach barter bootless (IKMP_NO_ERROR_NO_TRANS)
because a accepted angle (transform set) was not found:
VPN Peer: ISAKMP: Added new peer: ip:PIX2 Total VPN Peers:3
VPN Peer: ISAKMP: Peer ip:PIX2 Ref cnt incremented to:1 Total VPN
Peers:3
ISAKMP (0): alpha Capital Approach exchange
crypto_isakmp_process_block: src PIX2, dest PIX1
return cachet is IKMP_NO_ERR_NO_TRANS
ISAKMP (0): retransmitting appearance 1...