beautypg.com

Debugging ipsec – Patton electronic ONSITE 2800 User Manual

Page 74

background image

VPN configuration task list

74

OnSite 2800 Series User Manual

6 • VPN configuration

Example: Display IPsec transformation profiles

2800(cfg)#show profile ipsec-transform

IPSEC transform profiles:

Name: AES_128
ESP Encryption: AES-CBC, Key length: 128

Example: Display IPsec policy profiles

2800(cfg)#show profile ipsec-policy-manual

Manually keyed IPsec policy profiles:

Name: ToBurg, Peer: 200.200.200.1, Mode: tunnel, transform-profile: AES_128
ESP SPI Inbound: 1111, Outbound: 2222
ESP Encryption Key Inbound: 1234567890ABCDEF1234567890ABCDEF
ESP Encryption Key Outbound: FEDCBA0987654321FEDCBA0987654321

Debugging IPsec

A debug monitor and an additional

show

command are at your disposal to debug IPsec problems.

Procedure: To debug IPsec connections

Mode: Configure

Example: IPsec Debug Output

2800(cfg)#debug ipsec
IPSEC monitor on
23:11:04 ipsec > Could not find security association for inbound ESP packet.
SPI:1201

Example: Display IPsec Security Associations

2800(cfg)#show ipsec security-associations

Active security associations:

Dir Type Policy Mode Udp-Encapsulation
Peer SPI AH SPI ESP AH ESP-Auth ESP-Enc
Bytes (processed/lifetime) Seconds (age/lifetime)

Step

Command

Purpose

1

node(cfg)#debug ipsec

Enables IPsec debug monitor

2

optional

node(cfg)#show ipsec security-associ-
ations

Summarizes the configuration information of all
IPsec connections. If an IPsec connection does
not show up, then one or more parameters are
missing in the respective Policy Profile.
The information ‘Bytes (processed)’ supports
debugging because it indicates whether IPsec
packets depart from (‘OUT’) or arrive at (‘IN’) the
OnSite router.

See also other documents in the category Patton electronic Hardware: