EasyManuals Logo

Cisco 2800 Series User Manual

Cisco 2800 Series
266 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #180 background imageLoading...
Page #180 background image
Hoot and Holler over V3PN Configuration Example
Troubleshoot
40
OL-6573-01
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: FFFFFFFF
crypto engine state: installed
crypto engine in slot: N/A
Troubleshoot
This section provides information you can use to confirm that your configuration is working properly.
See the following tech notes:
IP Security Troubleshooting - Understanding and Using debug Commands
Troubleshooting Commands
Note
Before issuing debug commands, please see Important Information on Debug Commands.
The following debug commands must be running on both IPSec routers (peers). Security associations
must be cleared on both peers.
debug crypto engine—Displays information pertaining to the crypto engine, such as when the
Cisco
IOS software is performing encryption or decryption operations.
debug crypto ipsec—Displays IPSec negotiations of phase 2.
debug crypto isakmp—Displays ISAKMP negotiations of phase 1.
debug ip pim auto-rp—Displays the contents of each PIM packet used in the automatic discovery
of group-to-rendezvous point (RP) mapping as well as the actions taken on the address-to-RP
mapping database.
clear crypto isakmp—Clears the security associations related to phase 1.
clear crypto sa—Clears the security associations related to phase 2.
The following is an example of output for the debug crypto isakmp and debug crypto ipsec commands.
Relevant display output is shown in bold text, and comments are preceded by an exclamation point and
shown in italics.
router# debug crypto isakmp
router# debug crypto ipsec
Jul 29 16:06:33.619 PDT: ISAKMP (0:134217730): received packet from 10.32.150.46 dport 500
sport 500 Global (I) MM_SA_SETUP
Jul 29 16:06:33.619 PDT: ISAKMP:(0:2:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 29 16:06:33.619 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4
Jul 29 16:06:33.619 PDT: ISAKMP:(0:2:SW:1): processing KE payload. message ID = 0
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): processing NONCE payload. message ID = 0
Jul 29 16:06:33.635 PDT: ISAKMP: Looking for a matching key for 10.32.150.46 in default :
success
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1):found peer pre-shared key matching 10.32.150.46
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1):SKEYID state generated
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): processing vendor id payload
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): vendor ID is Unity
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): processing vendor id payload

Table of Contents

Other manuals for Cisco 2800 Series

Preview: Quick Start Guide
Quick Start Guide46 pages
Preview: Datasheet
Datasheet5 pages
Preview: Configuring
Configuring32 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 2800 Series and is the answer not in the manual?

Cisco 2800 Series Specifications

General IconGeneral
Power SupplyInternal power supply
Product TypeRouter
Form FactorRack-mountable
Connectivity TechnologyWired
Power DeviceInternal power supply
Operating SystemCisco IOS
Integrated ServicesSecurity, voice
WAN InterfacesT1/E1, Serial
LAN InterfacesFast Ethernet, Gigabit Ethernet
Expansion Slots4
Data Link ProtocolEthernet, Fast Ethernet, Gigabit Ethernet
Network/Transport ProtocolIP, TCP
Remote Management ProtocolSNMP, Telnet
FeaturesVPN support, Quality of Service (QoS), VLAN support
Voltage RequiredAC 100-240 V
Security FeaturesFirewall, VPN, Access Control Lists (ACLs)

Related product manuals