Troubleshoot
Troubleshooting Commands
Before issuing debug commands, please see Important Information on Debug Commands.
Note: The following debug commands must be running on both IPSec routers (peers). Security associations must be cleared on both peers.
• debug crypto engine—Displays information pertaining to the crypto engine, such as when Cisco IOS software is performing encryption or decryption operations.
• debug crypto ipsec—Displays the IPSec negotiations of phase 2.
• debug crypto ipsec client ezvpn—Displays the negotiation of the EzVPN client to the VPN concentrator.
• debug crypto isakmp—Displays the ISAKMP negotiations of phase 1.
• clear crypto ipsec client ezvpn—Clears an existing EzVPN connection.
• clear crypto isakmp—Clears the security associations for phase 1.
• clear crypto sa—Clears the security associations for phase 2.
The following is an example of output for the debug crypto ipsec client ezvpn command:
EzVPN-Spoke-1# debug crypto ipsec client ezvpn
*May 24 03:04:51.923: EZVPN(VPN1): New State: CONNECT_REQUIRED
!
!--- The following line shows the connection going down, not part of the debug output.
!
*May 24 03:04:51.923: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is DOWN. Peer 10.32.152.26:500 Id: 10.32.152.26
!
!---Debug output resumes
!
*May 24 03:04:51.927: EZVPN(VPN1): Current State: CONNECT_REQUIRED
*May 24 03:04:51.927: EZVPN(VPN1): Event: CONNECT
*May 24 03:04:51.927: EZVPN(VPN1): ezvpn_connect_request
*May 24 03:04:51.927: EZVPN(VPN1): New State: READY
*May 24 03:04:51.999: EZVPN(VPN1): Current State: READY
*May 24 03:04:51.999: EZVPN(VPN1): Event: CONN_UP
*May 24 03:04:51.999: EZVPN(VPN1): ezvpn_conn_up 7F890E16 DB923EE3 67C9C0D2 7EE723AC
*May 24 03:04:51.999: EZVPN(VPN1): No state change
*May 24 03:04:52.007: EZVPN(VPN1): Current State: READY
*May 24 03:04:52.007: EZVPN(VPN1): Event: XAUTH_REQUEST
*May 24 03:04:52.007: EZVPN(VPN1): ezvpn_xauth_request
*May 24 03:04:52.007: EZVPN(VPN1): ezvpn_parse_xauth_msg
*May 24 03:04:52.007: EZVPN: Attributes sent in xauth request message:
*May 24 03:04:52.007: XAUTH_USER_NAME_V2(VPN1):
*May 24 03:04:52.007: XAUTH_USER_PASSWORD_V2(VPN1):
*May 24 03:04:52.007: EZVPN(VPN1): send saved username ezvpn-spoke1 and password <omitted>
*May 24 03:04:52.007: EZVPN(VPN1): New State: XAUTH_REQ
*May 24 03:04:52.007: EZVPN(VPN1): Current State: XAUTH_REQ
*May 24 03:04:52.007: EZVPN(VPN1): Event: XAUTH_REQ_INFO_READY
*May 24 03:04:52.007: EZVPN(VPN1): ezvpn_xauth_reply
*May 24 03:04:52.007: XAUTH_USER_NAME_V2(VPN1): ezvpn-spoke1
*May 24 03:04:52.011: XAUTH_USER_PASSWORD_V2(VPN1): <omitted>
*May 24 03:04:52.011: EZVPN(VPN1): New State: XAUTH_REPLIED
*May 24 03:04:52.023: EZVPN(VPN1): Current State: XAUTH_REPLIED
*May 24 03:04:52.023: EZVPN(VPN1): Event: XAUTH_STATUS
*May 24 03:04:52.023: EZVPN(VPN1): New State: READY
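When a capture of this debug output runs to hundreds of lines, it helps to collapse it into one record per event. The following Python sketch is an added example, not Cisco code or part of the original document: it parses the Current State / Event / New State lines into transitions and notes tunnel UP/DOWN messages. The function names and the embedded sample (assembled from the output above) are assumptions made for illustration.

```python
import re

# Constructed sample: state-machine lines assembled from the debug output above.
SAMPLE = """\
*May 24 03:04:51.923: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is DOWN. Peer 10.32.152.26:500 Id: 10.32.152.26
*May 24 03:04:51.927: EZVPN(VPN1): Current State: CONNECT_REQUIRED
*May 24 03:04:51.927: EZVPN(VPN1): Event: CONNECT
*May 24 03:04:51.927: EZVPN(VPN1): New State: READY
*May 24 03:04:51.999: EZVPN(VPN1): Current State: READY
*May 24 03:04:51.999: EZVPN(VPN1): Event: CONN_UP
*May 24 03:04:51.999: EZVPN(VPN1): No state change
*May 24 03:04:52.007: EZVPN(VPN1): Current State: READY
*May 24 03:04:52.007: EZVPN(VPN1): Event: XAUTH_REQUEST
*May 24 03:04:52.007: EZVPN(VPN1): New State: XAUTH_REQ
*May 24 03:04:52.007: EZVPN(VPN1): Current State: XAUTH_REQ
*May 24 03:04:52.007: EZVPN(VPN1): Event: XAUTH_REQ_INFO_READY
*May 24 03:04:52.007: EZVPN(VPN1): New State: XAUTH_REPLIED
*May 24 03:04:52.023: EZVPN(VPN1): Current State: XAUTH_REPLIED
*May 24 03:04:52.023: EZVPN(VPN1): Event: XAUTH_STATUS
*May 24 03:04:52.023: EZVPN(VPN1): New State: READY
"""

LINE = re.compile(r"^\*(?P<ts>\w+ +\d+ [\d:.]+): EZVPN\((?P<tun>[^)]+)\): "
                  r"(?P<kind>Current State|Event|New State|No state change)(?:: (?P<val>\S+))?$")
STATUS = re.compile(r"%CRYPTO-5-SESSION_STATUS: Crypto tunnel is (UP|DOWN)")

def transitions(text):
    """Return ([(tunnel, from_state, event, to_state), ...], [tunnel status words])."""
    state, event, out, status = {}, {}, [], []
    for line in text.splitlines():
        status += STATUS.findall(line)
        m = LINE.match(line.strip())
        if not m:
            continue  # function-trace lines, attribute dumps, router comments
        tun, kind, val = m["tun"], m["kind"], m["val"]
        if kind == "Current State":
            state[tun] = val
        elif kind == "Event":
            event[tun] = val
        else:  # "New State" or "No state change" closes the pending event
            new = val if kind == "New State" else state.get(tun)
            out.append((tun, state.get(tun), event.pop(tun, None), new))
            state[tun] = new
    return out, status

def xauth_round_trip(trans):
    """True if the trace passes XAUTH_REQ -> XAUTH_REPLIED -> READY, the path seen in the sample."""
    path = [t[3] for t in trans]
    return any(path[i:i + 3] == ["XAUTH_REQ", "XAUTH_REPLIED", "READY"] for i in range(len(path) - 2))
```

A trace that reaches XAUTH_REQ but never shows the remaining two states marks the point where the exchange stalled, which is where to compare against the debug output of the other peer.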