Troubleshooting Commands - HP 7102dl - ProCurve Secure Router Configuration Manual

Virtual Private Networks
Troubleshooting a VPN That Uses IPSec
N o t e
10-74
the local router's settings for this VPN connection exactly match those of the
peer. If you are unable to learn the peer's settings, you can try using default
settings to connect to the peer in the fifth step.

Troubleshooting Commands

The tools you will use as you follow this procedure are the show and debug
commands, which are enable mode commands. Preface the commands with
the do keyword to execute them from the configuration mode contexts so that
you can fix problems while you troubleshoot.
You can use the show commands displayed in Table 10-22 on page 10-72 to
view:
IKE and IPSec SAs
IKE policies
transform sets
crypto maps
remote ID and preshared key list
client configuration pools
ACLs
Debug commands display messages in real-time as they are received on the
router. The debug messages displayed when you enter the commands shown
in Table 10-23 give you valuable information about the IKE process.
Debug messages are processor-intensive and can seriously degrade network
performance. Take care when using debug commands.
Table 10-23. VPN debug Commands
View
all IKE debug messages
IKE key management messages (i.e. IKE
phase 1 and 2)
IPSec debug messages (messages received
after the tunnel has been established)
digital certificate messages
IKE client configuration messages
Xauth messages
Command Syntax
debug crypto ike
debug crypto ike negotiation
debug crypto ipsec
debug crypto pki
debug crypto ike client configuration
debug crypto ike client authentication