Ipsec Vpn Intervention; Ipsec Vpn Logging - Avaya G250 Administration

Configuring IPSec VPN
Use the show crypto ipsec sa address command to display the IPsec SA
●
configuration by peer IP address.
Use the show crypto ipsec sa list command to display the IPsec SA runtime
●
database by list ID and rule ID.
Tip:
The detail option in the various show crypto ipsec sa commands,
Tip:
provides detailed counters information on each IPSec SA. To pinpoint the source
of a problem, it is useful to check for a counter whose value grows with time.
Use the clear crypto sa counters command to clear the crypto SA counters.
●

IPSec VPN intervention

You can use the following clear commands to clear the IPSec VPN runtime database:
Use the clear crypto sa command to clear all or specific IPSec SAs (security
●
association structures).
Use the clear crypto isakmp command to flush a specific entry in the ISAKMP
●
database or the entire ISAKMP database.
Note:
If you wish to clear both an ISAKMP connection and the IPSec SAs, the
Note:
recommended order of operations is:
First clear the IPSec SAs using the clear crypto sa all command,
then clear the ISAKMP SA using the clear crypto isakmp command.

IPSec VPN logging

IPSec VPN logging allows you to view the start and finish of IKE phase 1 and IKE phase 2
negotiations. Most importantly, it displays the configuration of both peers, so that you can
pinpoint the problem in case of a mismatch between the IPSec VPN configuration of the peers.
Note:
For more information about logging, see the chapter
Note:
page 187.
1. Use the set logging session enable command to enable session logging.
G350-001# set logging session enable
Done!
CLI-Notification: write: set logging session enable
472 Administration for the Avaya G250 and Avaya G350 Media Gateways
Configuring logging on