asa

Introduction

As you probably are aware the Cisco ASA is the successor to the Cisco PIX. If you are like me you are used to using the "debug packet" command for doing a lot of your connectivity trouble shooting. With the ASA you can use a command which is similar (albeit improved) version of the debug packet called "capture". As well as the new capture command the Cisco ASA also has a graphic logging tool known as the Cisco ASA ASDM logging tool.

When you are setting a site to site VPN between two Cisco ASA IPSEC peers you may find it useful to turn on the debug command for phase 1 tunnel initiation. Phase 1 uses a key exchange protocol called ISAKMP. With this in mind I often turn on the Crypto ISAKMP debugging on the command line to provide me with useful feedback when setting up a vpn. This is done using the following command:

Please note the trailing 8 is the level of debugging information you want sent to your console. This is configurable between 1-255.