- Cisco ipsec vpn client troubleshoot license key#
- Cisco ipsec vpn client troubleshoot software#
- Cisco ipsec vpn client troubleshoot series#
Since phase 2 (security associations) SAs are unidirectional, each SA shows traffic in only one direction (encryptions are outbound, decryptions are inbound). This command shows each phase 2 SA built and the amount of traffic sent. Outbound pcp sas: show crypto engine connection active Slot: 0, conn id: 3443, flow_id: 1444, crypto map: test Sa timing: remaining key lifetime (k/sec): (4608000/52) Slot: 0, conn id: 3442, flow_id: 1443, crypto map: test #pkts decompress failed: 0, #send errors 1, #recv errors 0 #pkts compressed: 0, #pkts decompressed: 0 interface: FastEthernet0Ĭrypto map tag: test, local addr. This output shows an example of the show crypto ipsec sa command. Authentication Header (AH) is not used since there are no AH SAs. You can see the two Encapsulating Security Payload (ESP) SAs built inbound and outbound. The encrypted tunnel is built between 12.1.1.1 and 12.1.1.2 for traffic that goes between networks 20.1.1.0 and 10.1.1.0. This command shows IPsec SAs built between peers. dst src state conn-id slotġ2.1.1.2 12.1.1.1 QM_IDLE 1 0 show crypto ipsec sa This command shows the Internet Security Association Management Protocol (ISAKMP) security associations (SAs) built between peers.
Refer to Common IPsec Error Messages and Common IPsec Issues for more details.
Cisco ipsec vpn client troubleshoot software#
The topics in this section describe the Cisco IOS Software debug commands. Refer to Cisco Technical Tips Conventions for more information on document conventions. If your network is live, make sure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration.
The information in this document was created from the devices in a specific lab environment.
Cisco ipsec vpn client troubleshoot license key#
PIX-V5.0 and later, which requires a single or triple DES license key in order to activate.
Cisco ipsec vpn client troubleshoot series#
Triple DES is available on the Cisco 2600 series and later. K2-Indicates triple DES feature (on Cisco IOS Software Release 12.0 and later). The information in this document is based on these software and hardware versions:ĥ6i-Indicates single Data Encryption Standard (DES) feature (on Cisco IOS Software Release 11.2 and later). There are no specific requirements for this document. It contains a checklist of common procedures that you might try before you begin to troubleshoot a connection and call Cisco Technical Support. Refer to Most Common L2L and Remote Access IPsec VPN Troubleshooting Solutions for information on the most common solutions to IPsec VPN problems. This document assumes you have configured IPsec. This document describes common debug commands used to troubleshoot IPsec issues on both the Cisco IOS ? Software and PIX/ASA.