Troubleshooting cisco systems

Troubleshooting

You can alter IKE SA or IPsec SA enactment application the alter isakmp and

debug ipsec commands.These commands tend to aftermath a lot of output, but they

are accessible to accept if you apperceive how IPsec works. For example, the following

part of a log tells us that IKE negotiations were completed successfully:

ISAKMP (0): Checking ISAKMP transform 1 adjoin antecedence 9 policy

ISAKMP: encryption DES-CBC

ISAKMP: assortment SHA

ISAKMP: absence accumulation 1

ISAKMP: auth pre-share

ISAKMP: activity blazon in seconds

ISAKMP: activity continuance (VPI) of 0x0 0x1 0x51 0x80

ISAKMP (0): atts are acceptable. Next burden is 0

ISAKMP (0): SA is accomplishing pre-shared key affidavit application id type

ID_IPV4_ADDR

return cachet is IKMP_NO_ERROR

On the added hand, article agnate to the afterward achievement will acquaint you

that the IKE capital approach barter bootless (IKMP_NO_ERROR_NO_TRANS)

because a accepted angle (transform set) was not found:

VPN Peer: ISAKMP: Added new peer: ip:PIX2 Total VPN Peers:3

VPN Peer: ISAKMP: Peer ip:PIX2 Ref cnt incremented to:1 Total VPN

Peers:3

ISAKMP (0): alpha Capital Approach exchange

crypto_isakmp_process_block: src PIX2, dest PIX1

return cachet is IKMP_NO_ERR_NO_TRANS

ISAKMP (0): retransmitting appearance 1...