How do I use the ACL debugs to debug a VPN Connection?
Posted by Elena Brambilla, Last modified by Daniel Lizaola on 12 December 2017 05:06 PM
Debugging VPNs and ACLs is a bit different from using the other debug commands. Enabling ACL debugging is a two-step process, and you must first be in configuration mode.
1) Go into "context ip" and then into the ethernet interface and type the following debug commands:
"debug acl in"
"debug acl out"

2) Then you can enable and disable debugging of the ACLs using the command "debug acl" or "no debug acl".
Note: VPN tunnels only work between the two networks configured as a VPN (usually two private networks on eth1 such as 192.168.1.0 and 192.168.2.0). You cannot ping or test the VPN from the console port or from the SmartNode administrator command line. You must test between PCs on the two private networks. For instance, a PC at 192.168.1.10 should be able to ping a PC at 192.168.2.10 through the VPN tunnel. You cannot ping a PC on one of the VPN tunnels from the console or administrator account.

Additionally, "debug ipsec" provides the IPsec debug monitor, which is a normal one-step debug command.

Use the command "terminal monitor-filter" to filter the ACL debug output down to the lines you want to see. For example, to see only the packets involving IP address 123, you can simply use the command: terminal monitor-filter .*123.*
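The filter expression above is an unanchored regular expression, so ".*123.*" matches any line that contains the digits 123 anywhere, including inside a longer number or a different address. The following Python snippet is an added illustration, not SmartNode code: it runs the page's pattern and a tighter, anchored one over a few constructed lines laid out in the spirit of ACL debug output (the real output format is not shown on the page and is assumed here), and shows how to build a pattern that matches a complete IPv4 address only.

```python
import re

# Constructed sample lines in the spirit of "debug acl" output. The real
# SmartNode line format is not documented on the page; this layout is assumed.
SAMPLE_DEBUG_LINES = [
    "ACL in  eth1: permit 192.168.1.10 -> 192.168.2.10 icmp",
    "ACL in  eth1: deny   192.168.1.123 -> 192.168.2.10 tcp/23",
    "ACL out eth1: permit 192.168.2.10 -> 192.168.1.10 icmp",
    "ACL in  eth1: permit 10.0.123.7 -> 192.168.2.10 udp/500",
    "ACL out eth1: permit 192.168.1.10 -> 192.168.2.10 tcp/1230",
]


def filter_lines(lines, pattern):
    """Return the lines that match `pattern` anywhere, mirroring an
    unanchored regex filter such as terminal monitor-filter (assumed
    to behave like a standard regex search)."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]


def host_pattern(address):
    """Build a pattern that matches `address` only as a whole IPv4 address:
    dots are escaped (an unescaped '.' matches any character) and the
    lookarounds refuse a match that sits inside a longer number or address."""
    return r"(?<![\d.])" + re.escape(address) + r"(?![\d.])"


if __name__ == "__main__":
    print("loose pattern .*123.* matches:")
    for line in filter_lines(SAMPLE_DEBUG_LINES, r".*123.*"):
        print("  ", line)
    print("anchored pattern for 192.168.1.123 matches:")
    for line in filter_lines(SAMPLE_DEBUG_LINES, host_pattern("192.168.1.123")):
        print("  ", line)
```

With these constructed lines the loose pattern also picks up 10.0.123.7 and the port 1230 line, while the anchored pattern for 192.168.1.123 returns only the deny line for that host. The same escaping matters for a filter like 192.168.1.10: without anchoring it would also match 192.168.1.100 and similar addresses.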