Verifying Cisco IPSEC VPN Connections

June 29, 2010

The following two commands can be used to verify Cisco VPN connections:

Router#show crypto ipsec sa

This command displays the settings used by the current Security Associations (SAs).

Router#show crypto isakmp sa

This command displays current IKE Security Associations.

Troubleshooting VPN Connections:

After confirming physical connectivity, audit both ends of the VPN connection to ensure they mirror each other.

Use debugging to analyze VPN connection difficulties:

Router#debug crypto isakmp

This command allows you to observe Phase 1 ISAKMP negotiations.

Router#debug crypto ipsec

This command allows you to observe Phase 2 IPSec negotiations.

Be the first to like this post.

From → Cisco

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

Recent Posts