Cisco ASA Notes

From Federal Burro of Information
Revision as of 05:05, 7 August 2022 by David (talk | contribs) (David moved page Asa Notes to Cisco ASA Notes)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Is my vpn up?

Phase 1: 

show crypto isakmp sa

Phase 2: 

show crypto ipsec sa peer X.X.X.X

Is phase 2 up? 

asa#  show crypto ipsec sa | inc <far end net>
asa#


reset the sa: 

clear crypto isakmp sa client-fw
clear crypto ipsec sa peer client-fw



show crypto isakmp sa peer client-fw
show crypto ipsec sa peer client-fw

troubleshooting vpn : 

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution05


examining objects

fw/act# sh run object-group network id mgmt_nets
                                         ^
ERROR: % Invalid input detected at '^' marker.
fw/act#
fw/act# sh run object-group id mgmt_nets
object-group network mgmt_nets
network-object 10.21.254.0 255.255.255.0
network-object 10.21.255.0 255.255.255.0
network-object 10.21.253.0 255.255.255.0
network-object 10.21.252.0 255.255.255.0
network-object 10.21.248.0 255.255.255.0
network-object 10.21.97.0 255.255.255.0
fw/act#
Retrieved from "https://wiki.quadratic.net/index.php?title=Cisco_ASA_Notes&oldid=5886"