IPsec Diagnostic Tools within Cisco IOS

Previous page
Table of content
Next page

The most commonly used categories of diagnostic tools used within Cisco IOS are show and debug commands. Throughout the course of this chapter, we will use variations of these two command sets to diagnose issues commonly found within Cisco IOS. As we've discussed, there are detailed steps that occur during the formation of Internet Security Association and Key Management Protocol (ISAKMP) and IPsec negotiation between two IPsec VPN endpoints. We will examine common errors in these steps through execution of the following debugging commands within IOS:

  • debug crypto isakmp

  • debug crypto IPsec

Additionally, we will explore several show commands necessary to uncover common errors and performance issues related to the negotiate of IPsec VPN tunnels, including fragmentation/maximum transmission unit (MTU) issues, quality of service (QoS) issues, Network Address Translation (NAT) issues, and issues relating to recursive routing. A subset of the commands we will discuss to address these issues includes:

  • show crypto isakmp sa

  • show crypto isakmp sa nat

  • show crypto IPsec sa

  • show crypto engine connections active

  • show crypto engine connections dropped-packet

  • show crypto engine connections flow

  • show crypto engine qos



Previous page
Table of content
Next page
IPsec Virtual Private Network Fundamentals
IPSec Virtual Private Network Fundamentals
ISBN: 1587052075
EAN: 2147483647
Year: N/A
Pages: 113
Authors: James Henry Carmouche
BUY ON AMAZON
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
Metrics and Models in Software Quality Engineering (2nd Edition)
VBScript Programmers Reference
Introduction to 80x86 Assembly Language and Computer Architecture
802.11 Wireless Networks: The Definitive Guide, Second Edition
Digital Character Animation 3 (No. 3)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy