Cisco ASA Notes: Difference between revisions
From Federal Burro of Information
Jump to navigationJump to search
No edit summary |
m (David moved page Asa Notes to Cisco ASA Notes) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 18: | Line 18: | ||
clear crypto isakmp sa client-fw | clear crypto isakmp sa client-fw | ||
clear crypto ipsec sa | clear crypto ipsec sa peer client-fw | ||
Line 28: | Line 28: | ||
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution05 | http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution05 | ||
== examining objects == | |||
<pre> | |||
fw/act# sh run object-group network id mgmt_nets | |||
^ | |||
ERROR: % Invalid input detected at '^' marker. | |||
fw/act# | |||
fw/act# sh run object-group id mgmt_nets | |||
object-group network mgmt_nets | |||
network-object 10.21.254.0 255.255.255.0 | |||
network-object 10.21.255.0 255.255.255.0 | |||
network-object 10.21.253.0 255.255.255.0 | |||
network-object 10.21.252.0 255.255.255.0 | |||
network-object 10.21.248.0 255.255.255.0 | |||
network-object 10.21.97.0 255.255.255.0 | |||
fw/act# | |||
</pre> |
Latest revision as of 05:05, 7 August 2022
Is my vpn up?
Phase 1:
show crypto isakmp sa
Phase 2:
show crypto ipsec sa peer X.X.X.X
Is phase 2 up?
asa# show crypto ipsec sa | inc <far end net> asa#
reset the sa:
clear crypto isakmp sa client-fw clear crypto ipsec sa peer client-fw
show crypto isakmp sa peer client-fw show crypto ipsec sa peer client-fw
troubleshooting vpn :
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution05
examining objects
fw/act# sh run object-group network id mgmt_nets ^ ERROR: % Invalid input detected at '^' marker. fw/act# fw/act# sh run object-group id mgmt_nets object-group network mgmt_nets network-object 10.21.254.0 255.255.255.0 network-object 10.21.255.0 255.255.255.0 network-object 10.21.253.0 255.255.255.0 network-object 10.21.252.0 255.255.255.0 network-object 10.21.248.0 255.255.255.0 network-object 10.21.97.0 255.255.255.0 fw/act#