True Jimmy, if you configure "logging on" and "logging console debugging". everything happening on the ASA is thrown on the ASA's console. But for VPN troubleshooting, you need to use "debug crypto isakmp" but with all logs, it will be very difficult.
You can try using logging list and filtering out other messages. Given below, is what I use for when troubleshooting VPN. You can keep adding the class that you require. I find it very useful logging list vpn level debugging class vpn logging console vpn You need ip debugs, just add the following: logging list vpn level debugging class ip With regards Kings On Mon, Jun 14, 2010 at 11:39 PM, Jimmy Larsson <[email protected]> wrote: > On IOS I always enable logging console 7 on all routers. On ASA I havnt > found a satisfied level yet. I would like to find an easy setting where I > get most information but not "built connection", "tear down connection" and > that jazz. I think that the in a production network i would like to have a > logging console 3,5 or something like that. > > Anyone else with advice on how to use ASA logging while doing lab? > > /Jimmy > > 2010/6/14 Johan Bornman <[email protected]> > >> Jimmy, >> >> >> >> Do you log to the console? What level? >> >> >> >> Johan >> >> >> >> *From:* Jimmy Larsson [mailto:[email protected]] >> *Sent:* 14 June 2010 07:22 PM >> >> *To:* Johan Bornman >> *Cc:* OSL Security >> *Subject:* Re: [OSL | CCIE_Security] IOS Firewalls >> >> >> >> Hi Johan >> >> >> >> I always add "ip inspect log drop" whenever I inspect something and "deny >> ip any any log" when blocking traffic with acl. >> >> >> >> Br Jimmy >> >> >> >> 2010/6/14 Johan Bornman <[email protected]> >> >> Hi, >> >> >> >> What is the best or quickest way to check if I am blocking anything I >> should not be blocking after configuring IOS firewalls and filtering? >> >> >> >> Thanks >> >> >> >> Johan >> >> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> >> >> >> -- >> ------- >> Jimmy Larsson >> Ryavagen 173 >> s-26030 Vallakra >> Sweden >> http://blogg.kvistofta.nu >> ------- >> > > > > -- > ------- > Jimmy Larsson > Ryavagen 173 > s-26030 Vallakra > Sweden > http://blogg.kvistofta.nu > ------- > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
