Just a quick note to myself on debugging VPN connectivity; you can specify a peer, user, etc. as a condition to the crypto debug.
Here’s how I did it from the CLI:
ciscoasa# debug crypto condition peer 1.2.3.4 ciscoasa# debug crypto isakmp 255 ciscoasa# debug crypto ipsec 255 ciscoasa# term mon
This will allow you to just narrow in on the debug information for the specific VPN peer specified in the first line.
