Cisco ASA Debug a Specific VPN Tunnel

Just a quick note to myself on debugging VPN connectivity;  you can specify a peer, user, etc. as a condition to the crypto debug.

Here’s how I did it from the CLI:

ciscoasa# debug crypto condition peer 1.2.3.4
ciscoasa# debug crypto isakmp 255
ciscoasa# debug crypto ipsec 255
ciscoasa# term mon

This will allow you to just narrow in on the debug information for the specific VPN peer specified in the first line.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.