Troubleshooting Basic IPSec VPNs on the Cisco ASA

As I prepare for my next (and final) attempt at the CCIE Security lab exam, I am making lists to help speed and accuracy when troubleshooting involved configurations like VPNs. Here is an example list for a basic VPN on the Cisco ASA:


Step 1 – Is ISAKMP enabled on the correct interface? crypto isakmp enable OUTSIDE

Step 2 – Check the ISAKMP policy.

Step 3 – Check the tunnel-group for correct pre-shared key.

Step 4 – Check the transform set.

Step 5 – Check the access-list for interesting traffic definition.

Step 6 – Check the crypto map.

Step 7 – Check the application of the crypto map.

In the heat of battle you can find that having a plan sure beats not having a plan at all. 🙂

The Internet Layer

In this video, learn the details behind the technologies found in the Internet layer of the famous OSI model.

Basic Switch Configuration

Enjoy this video on the basic configuration of a Cisco switch!