Debug Commands

Sometimes, you might not be able to figure out what is causing tunnel problems. A client might not be able to create an IPSec tunnel even though the configuration parameters appear to be good. Two excellent commands for troubleshooting IKE and IPSec are the following:

  • debug crypto ipsec — Displays IPSec events.

  • debug crypto isakmp — Displays IKE events.

If you issue debug crypto isakmp and see any text in the debug output that states 'SA is not authenticated', IKE Phase 1 authentication failed. The local IPSec router tried to authenticate the remote IPSec router, and the local router was not able ...

Get SECUR Exam Cram™ 2 (Exam 642-501) now with the O’Reilly learning platform.