Cisco ASA Notes: Difference between revisions
From Federal Burro of Information
No edit summary |
|||
Line 28: | Line 28: | ||
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution05 | http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution05 | ||
== examining objects == | |||
<pre> | |||
fw/act# sh run object-group network id mgmt_nets | |||
^ | |||
ERROR: % Invalid input detected at '^' marker. | |||
fw/act# | |||
fw/act# sh run object-group id mgmt_nets | |||
object-group network mgmt_nets | |||
network-object 10.21.254.0 255.255.255.0 | |||
network-object 10.21.255.0 255.255.255.0 | |||
network-object 10.21.253.0 255.255.255.0 | |||
network-object 10.21.252.0 255.255.255.0 | |||
network-object 10.21.248.0 255.255.255.0 | |||
network-object 10.21.97.0 255.255.255.0 | |||
fw/act# | |||
</pre> |
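Review bot: the added block under "== examining objects ==" opens with the rejected "sh run object-group network id mgmt_nets" and its "Invalid input detected" error, then shows the working "sh run object-group id mgmt_nets", with no sentence telling the reader which form to use. Add a one-line lead-in before the <pre> saying that "id" follows "object-group" directly, or drop the failed attempt so the section records only the command that works.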
Revision as of 14:50, 27 May 2015
Is my vpn up?
Phase 1:
show crypto isakmp sa
Phase 2:
show crypto ipsec sa peer X.X.X.X
Is phase 2 up?
asa# show crypto ipsec sa | inc <far end net>
asa#
reset the sa:
clear crypto isakmp sa client-fw
clear crypto ipsec sa peer client-fw

show crypto isakmp sa peer client-fw
show crypto ipsec sa peer client-fw

troubleshooting vpn:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution05
examining objects
fw/act# sh run object-group network id mgmt_nets
^
ERROR: % Invalid input detected at '^' marker.
fw/act#
fw/act# sh run object-group id mgmt_nets
object-group network mgmt_nets
 network-object 10.21.254.0 255.255.255.0
 network-object 10.21.255.0 255.255.255.0
 network-object 10.21.253.0 255.255.255.0
 network-object 10.21.252.0 255.255.255.0
 network-object 10.21.248.0 255.255.255.0
 network-object 10.21.97.0 255.255.255.0
fw/act#