Thanks Kings! I will try to use the logging lists on ASA in my daily labs from now on.
Br Jimmy 2010/6/15 Kingsley Charles <[email protected]> > True Jimmy, if you configure "logging on" and "logging console debugging". > everything happening on the ASA is thrown on the ASA's console. But for VPN > troubleshooting, you need to use "debug crypto isakmp" but with all logs, it > will be very difficult. > > You can try using logging list and filtering out other messages. Given > below, is what I use for when troubleshooting VPN. You can keep adding the > class > that you require. I find it very useful > > > logging list vpn level debugging class vpn > logging console vpn > > You need ip debugs, just add the following: > > logging list vpn level debugging class ip > > > > With regards > Kings > > > On Mon, Jun 14, 2010 at 11:39 PM, Jimmy Larsson <[email protected]>wrote: > >> On IOS I always enable logging console 7 on all routers. On ASA I havnt >> found a satisfied level yet. I would like to find an easy setting where I >> get most information but not "built connection", "tear down connection" and >> that jazz. I think that the in a production network i would like to have a >> logging console 3,5 or something like that. >> >> Anyone else with advice on how to use ASA logging while doing lab? >> >> /Jimmy >> >> 2010/6/14 Johan Bornman <[email protected]> >> >>> Jimmy, >>> >>> >>> >>> Do you log to the console? What level? >>> >>> >>> >>> Johan >>> >>> >>> >>> *From:* Jimmy Larsson [mailto:[email protected]] >>> *Sent:* 14 June 2010 07:22 PM >>> >>> *To:* Johan Bornman >>> *Cc:* OSL Security >>> *Subject:* Re: [OSL | CCIE_Security] IOS Firewalls >>> >>> >>> >>> Hi Johan >>> >>> >>> >>> I always add "ip inspect log drop" whenever I inspect something and "deny >>> ip any any log" when blocking traffic with acl. >>> >>> >>> >>> Br Jimmy >>> >>> >>> >>> 2010/6/14 Johan Bornman <[email protected]> >>> >>> Hi, >>> >>> >>> >>> What is the best or quickest way to check if I am blocking anything I >>> should not be blocking after configuring IOS firewalls and filtering? >>> >>> >>> >>> Thanks >>> >>> >>> >>> Johan >>> >>> >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> >>> >>> >>> -- >>> ------- >>> Jimmy Larsson >>> Ryavagen 173 >>> s-26030 Vallakra >>> Sweden >>> http://blogg.kvistofta.nu >>> ------- >>> >> >> >> >> -- >> ------- >> Jimmy Larsson >> Ryavagen 173 >> s-26030 Vallakra >> Sweden >> http://blogg.kvistofta.nu >> ------- >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> > -- ------- Jimmy Larsson Ryavagen 173 s-26030 Vallakra Sweden http://blogg.kvistofta.nu -------
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
