Thank you Pieter. Great post, It will definitely help me.
Regards,
Mohammed Gazzaz
> CC: [email protected]; [email protected]
> From: [email protected]
> To: [email protected]
> Subject: Re: Best way to troubleshoot pre-configured vpn devices?
> Date: Tue, 21 Jul 2009 11:39:30 +0200
>
> Hello Mohammed,
>
> Shame to hear that you failed the test. I know it has become much
> harder.
>
> For me, the troubleshooting of a VPN, independent whether pre-
> configured or not, is always a combination of
> debugs and shows.
>
> usually, I first check the configuration on both sites to see whether
> phase 1 would come up anyhow. Commands like (on the asa)
> show start | begin crypto isakmp
> and
> show run crypto map
>
> help a lot.
> If I see a misconfiguration, such as pre-shared-key, policy settings,
> transform sets, I tend to fix them first.
>
> Then I do the debugs
> debug crypto isakmp
> deb crpt ipsec
> term mon
>
> And initiate the tunnel.
> Based on the output of the debug, you can see where the tunnel then
> fails. 9 out of 10 times, the debug in combination with the configs
> tell me what the issue is.
> Of course, field experience with this helps a lot. Since I do a lot of
> VPN's, I know most of the ISAKMP phase messages and know which error
> message is caused by which config error.
>
> Hope this helps a bit
>
> Kind regards
> Pieter-Jan
>
> On 21 jul 2009, at 08:17, Mohammed Gazzaz wrote:
>
> > Hi,
> >
> > Last Thursday, I
> > failed my second attempt by only 10%. Compared to my first attempt, I
> > did a lot better and silly mistakes cost me the exam. I also
> > panicked again
> > and didn't pay attention to the small details.
> >
> > Maybe I was lucky
> > but Open ended questions were very easy and I answered them in 10
> > minutes, probably I could have answered them in 5 minutes but I didn't
> > want to rush.
> >
> > My time management was again not good and I lost a lot of points in
> > troubleshooting VPN questions.
> >
> > Can you guys give me some tips on how to approach this part of the
> > exam?
> >
> > I
> > mean I know how to configure different VPNs from scratch but to
> > troubleshoot pre-configured devices is a different matter. I can use
> > debug and show commands but probably I will spend a lot of time to
> > solve the issue.
> >
> > Any help will be appreciated.
> >
> > Regards,
> > Mohammed Gazzaz
> >
> > _________________________________________________________________
> > Express yourself instantly with MSN Messenger! Download today it's
> > FREE!
> > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> >
>
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
