Debug Commands


Sometimes you cannot tell what is causing tunnel problems: a client might be unable to create an IPSec tunnel even though the configuration parameters appear to be correct. The following commands are excellent for troubleshooting IKE and IPSec:

  • debug crypto ipsec - Displays IPSec events.

  • debug crypto isakmp - Displays IKE events.


If you issue debug crypto isakmp and the debug output contains the text 'SA is not authenticated', IKE Phase 1 authentication failed: the local IPSec router tried to authenticate the remote IPSec router and was not able to.



If you issue debug crypto isakmp and the debug output contains the text 'attribute not offered', the IPSec peers failed to agree upon a matching IKE policy. Remember, when configuring an IKE Phase 1 policy, at least one policy must match (exactly) on both the local IPSec router and the remote IPSec router.
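
An added example, not from the book: a Python check that compares the IKE Phase 1 policies in two router configurations offline and reports which attributes keep any pair from matching, the condition behind 'attribute not offered'. The config snippets are constructed, the function names are hypothetical, and the values filled in for omitted lines (DES, SHA, RSA signatures, group 1) are assumed to be the classic IOS defaults; lifetime is not compared.

```python
import re

# Assumption: classic IOS defaults, which do not appear in the configuration text.
DEFAULTS = {"encryption": "des", "hash": "sha", "authentication": "rsa-sig", "group": "1"}
ATTRS = tuple(DEFAULTS)

# Constructed sample configurations (not taken from the book).
ROUTER_A = "crypto isakmp policy 10\n encr 3des\n hash md5\n authentication pre-share\n group 2\n"
ROUTER_B = "crypto isakmp policy 20\n encr 3des\n authentication pre-share\n group 2\n"
ROUTER_B_FIXED = ROUTER_B + " hash md5\n"

def parse_policies(config):
    """Return {priority: {attr: value}} for each 'crypto isakmp policy N' block."""
    policies, current = {}, None
    for line in config.splitlines():
        head = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if head:
            current = policies.setdefault(int(head.group(1)), dict(DEFAULTS))
            continue
        if not line.startswith(" "):   # an unindented line ends the policy block
            current = None
            continue
        words = line.split()
        if current is None or len(words) < 2:
            continue
        key = "encryption" if words[0].startswith("encr") else words[0]
        if key in current:             # lifetime and unknown keywords are skipped
            current[key] = " ".join(words[1:])
    return policies

def find_match(local, remote):
    """First (local_prio, remote_prio) pair whose four attributes all agree, else None."""
    for lp in sorted(local):
        for rp in sorted(remote):
            if all(local[lp][a] == remote[rp][a] for a in ATTRS):
                return lp, rp
    return None

def mismatches(local, remote):
    """For every policy pair, the list of attributes that differ."""
    return {(lp, rp): [a for a in ATTRS if local[lp][a] != remote[rp][a]]
            for lp in local for rp in remote}

if __name__ == "__main__":
    a = parse_policies(ROUTER_A)
    for name, text in (("B", ROUTER_B), ("B fixed", ROUTER_B_FIXED)):
        b = parse_policies(text)
        print(name, "match:", find_match(a, b), "differences:", mismatches(a, b))
```

Router B never states a hash, so its policy silently uses the default and differs from router A's md5 even though every visible line agrees.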




CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
EAN: N/A
Year: 2003
Pages: 291
Authors: Raman Sud
