Cisco ASA Notes
From Federal Burro of Information
Latest revision as of 05:05, 7 August 2022
Is my vpn up?
Phase 1:
show crypto isakmp sa
Phase 2:
show crypto ipsec sa peer X.X.X.X
Is phase 2 up?
asa# show crypto ipsec sa | inc <far end net>
asa#
reset the sa:
clear crypto isakmp sa client-fw
clear crypto ipsec sa peer client-fw
show crypto isakmp sa peer client-fw
show crypto ipsec sa peer client-fw
troubleshooting vpn:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution05
examining objects
fw/act# sh run object-group network id mgmt_nets
^
ERROR: % Invalid input detected at '^' marker.
fw/act#
fw/act# sh run object-group id mgmt_nets
object-group network mgmt_nets
 network-object 10.21.254.0 255.255.255.0
 network-object 10.21.255.0 255.255.255.0
 network-object 10.21.253.0 255.255.255.0
 network-object 10.21.252.0 255.255.255.0
 network-object 10.21.248.0 255.255.255.0
 network-object 10.21.97.0 255.255.255.0
fw/act#
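An added example, not part of the original notes: when reviewing what a group such as mgmt_nets really permits, it helps to turn the network-object lines into CIDR blocks and collapse them. The function names below are hypothetical, and the sample text is the object-group output from the session above.

```python
import ipaddress

# Copied from the `sh run object-group id mgmt_nets` output above.
SAMPLE = """\
fw/act# sh run object-group id mgmt_nets
object-group network mgmt_nets
 network-object 10.21.254.0 255.255.255.0
 network-object 10.21.255.0 255.255.255.0
 network-object 10.21.253.0 255.255.255.0
 network-object 10.21.252.0 255.255.255.0
 network-object 10.21.248.0 255.255.255.0
 network-object 10.21.97.0 255.255.255.0
fw/act#
"""

def parse_object_groups(text):
    """Return {group name: [IPv4Network, ...]} for network object-groups."""
    groups, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["object-group", "network"] and len(words) >= 3:
            current = groups.setdefault(words[2], [])
        elif words[:1] == ["object-group"]:
            current = None  # service/protocol groups are out of scope
        elif current is not None and words[:1] == ["network-object"] and len(words) == 3:
            if words[1] == "host":
                current.append(ipaddress.ip_network(words[2] + "/32"))
            elif words[1] == "object":
                continue  # named object reference; needs its own definition
            else:
                # address + dotted netmask; raises ValueError if host bits are set
                current.append(ipaddress.ip_network(words[1] + "/" + words[2]))
    return groups

def summarize(networks):
    """Collapse adjacent or overlapping entries into the fewest CIDR blocks."""
    return list(ipaddress.collapse_addresses(networks))

def covers(networks, address):
    """True if the address falls inside any network of the group."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in networks)

if __name__ == "__main__":
    nets = parse_object_groups(SAMPLE)["mgmt_nets"]
    for block in summarize(nets):
        print(block)
```

The four entries 10.21.252.0 through 10.21.255.0 collapse into a single /22, which makes it easier to see that 10.21.248.0/24 and 10.21.97.0/24 are the separate, non-contiguous members.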