Note
If you have numerous of IPsec sessions established to a security appliance, enabling the crypto ike and crypto ipsec debugs can generate a lot of output. In Version 8.0 and later, the crypto conditional debug feature was introduced, which enables a user to debug an IPsec tunnel based on predefined conditions such as the peer’s IP address, SPI values, or even the connection ID. For example, if you want to look at the crypto isakmp and crypto ipsec debugs for peer 209.165.200.225, enable the following commands:
debug crypto isakmp 127debug crypto ipsec 127debug crypto condition peer 209.165.200.225
Get Santos:CCNA Sec 210-260 OCG now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
