Step 4: Test and Verify the IPsec Configuration

It is better to verify your configuration up front than to troubleshoot a connection that is not working. Various show and debug commands let you check the current configuration, including the following:

• show crypto isakmp policy: Displays the configured IKE policies.

• show crypto ipsec transform-set: Displays the configured transform sets.

• show crypto ipsec sa: Displays the current state of your IPsec SAs.

• show crypto map: Displays your current crypto maps.

• show crypto dynamic-map: Displays your dynamic crypto map set.

• debug crypto isakmp: Enables debugging of IKE events. This command generates a tremendous amount of output and should be used only when traffic is low.

• debug crypto ipsec: Enables debugging of IPsec events. This command generates a tremendous amount of output and should be used only when traffic is low.

Because the configurations must match on both peers, it is best to compare the configuration from each router if possible. Figure 19-10 shows the configuration settings for this task.
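The peer comparison can be scripted once the output of show crypto isakmp policy has been saved from each router. The following Python sketch is an added example, not from the original text: the function names are hypothetical, and the sample output is constructed (lifetime lines omitted) in the layout IOS prints, so adjust the parser if your release formats it differently.

```python
import re

# Constructed sample output (not captured from real devices); lifetime lines omitted.
ROUTER_A = """\
Protection suite of priority 10
        encryption algorithm:   AES - Advanced Encryption Standard (128 bit keys).
        hash algorithm:         Secure Hash Standard
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #2 (1024 bit)
Protection suite of priority 20
        encryption algorithm:   Three key triple DES
        hash algorithm:         Message Digest 5
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #2 (1024 bit)
"""
ROUTER_B = """\
Protection suite of priority 5
        encryption algorithm:   Three key triple DES
        hash algorithm:         Message Digest 5
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #2 (1024 bit)
"""
FIELDS = ("encryption algorithm", "hash algorithm",
          "authentication method", "Diffie-Hellman group")

def parse_policies(text):
    """Return {priority: (encryption, hash, auth, dh_group)} for configured policies."""
    policies, prio = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Protection suite of priority (\d+)", line)
        if m:
            prio = int(m.group(1))
            policies[prio] = {}
        elif line.strip().lower().startswith("default protection suite"):
            prio = None  # default suite has no priority; do not merge it into a policy
        elif prio is not None and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            if key in FIELDS:
                policies[prio][key] = value
    return {p: tuple(f.get(k) for k in FIELDS) for p, f in policies.items()}

def common_policies(a_text, b_text):
    """List (priority_on_a, priority_on_b) pairs whose four parameters all agree."""
    a, b = parse_policies(a_text), parse_policies(b_text)
    return [(pa, pb) for pa, va in sorted(a.items())
            for pb, vb in sorted(b.items()) if va == vb and None not in va]

if __name__ == "__main__":
    print(common_policies(ROUTER_A, ROUTER_B) or "no matching IKE policy")
```

An empty result means the two routers share no IKE policy with the same encryption, hash, authentication method, and Diffie-Hellman group. Priority numbers are local to each router, so policy 20 on one peer can match policy 5 on the other.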
