As I prepare for my next (and final) attempt at the CCIE Security lab exam, I am making lists to help with speed and accuracy when troubleshooting involved configurations like VPNs. Here is an example list for a basic VPN on the Cisco ASA:
Step 1 – Is ISAKMP enabled on the correct interface? (crypto isakmp enable OUTSIDE)
Step 2 – Check the ISAKMP policy.
Step 3 – Check the tunnel-group for correct pre-shared key.
Step 4 – Check the transform set.
Step 5 – Check the access-list for interesting traffic definition.
Step 6 – Check the crypto map.
Step 7 – Check the application of the crypto map.
In the heat of battle you can find that having a plan sure beats not having a plan at all. 🙂
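The seven checks above, run in order against one side's configuration, as an added example that is not part of the original post. The sample configuration is constructed, in the pre-8.4 crypto isakmp syntax the post uses; the function names, peer address and object names are assumptions for illustration.

```python
import re
# Constructed sample in the pre-8.4 ASA syntax the post uses. Planted defect:
# the crypto map references transform-set TSET, but only TSET1 is defined.
SAMPLE_CONFIG = """\
crypto isakmp enable OUTSIDE
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key *****
crypto ipsec transform-set TSET1 esp-aes esp-sha-hmac
access-list VPN-ACL extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto map CMAP 10 match address VPN-ACL
crypto map CMAP 10 set peer 203.0.113.2
crypto map CMAP 10 set transform-set TSET
crypto map CMAP interface OUTSIDE
"""

def check_l2l_vpn(config, interface, peer):
    """Run the seven steps against one side's config; return {step: bool}."""
    def find(pattern):
        m = re.search(pattern, config, re.M)
        return m.group(1) if m else None
    i, p = re.escape(interface), re.escape(peer)
    # Steps 4, 5 and 7 hang off the crypto map entry for this peer, so find it first.
    entry = re.search(rf"^crypto map (\S+) (\d+) set peer {p}$", config, re.M)
    tset = acl = applied = None
    if entry:
        base = rf"^crypto map {re.escape(entry.group(1))} "
        tset = find(base + rf"{entry.group(2)} set transform-set (\S+)")
        acl = find(base + rf"{entry.group(2)} match address (\S+)")
        applied = find(base + rf"(interface {i})$")
    return {
        1: find(rf"^(crypto isakmp enable {i})$") is not None,
        # Steps 2 and 3 prove presence only; the values must also match the far end.
        2: find(r"^(crypto isakmp policy \d+)$") is not None,
        3: find(rf"^(tunnel-group {p} ipsec-attributes)\n(?: .*\n)*? pre-shared-key \S") is not None,
        4: tset is not None and find(rf"^(crypto ipsec transform-set {re.escape(tset)}) ") is not None,
        5: acl is not None and find(rf"^(access-list {re.escape(acl)} extended permit) ") is not None,
        6: entry is not None and tset is not None and acl is not None,
        7: applied is not None,
    }

def first_failure(results):  # lowest-numbered failing step, or None if all pass
    return min((step for step, ok in results.items() if not ok), default=None)
print("first failing step:", first_failure(check_l2l_vpn(SAMPLE_CONFIG, "OUTSIDE", "203.0.113.2")))
```

Because the running configuration masks the pre-shared key, step 3 here confirms only that a key is set for the peer; whether it matches the other side still has to be verified by hand.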
8 thoughts on “Troubleshooting Basic IPSec VPNs on the Cisco ASA”
Did you fail in the first attempt?? Anyways, nice steps for VPN, thanks.
Yes – I failed the Version 3 back in Oct 2012.
Nice stuff. Thank you for inspiring me to do the same. 🙂 I’m also maintaining some notes on my blog while preparing for CCIE Security v4.
You will pass this week my friend!
Thank you so much! I think you are right!!!!
Can you advise the best books which have comprehensive details and explanations of the various features on ASAs and how these can be configured? I know Cisco has their own books for the device, but are there any other books which are worth reading?
The troubleshooting guidance is very helpful. Can you share the corresponding troubleshooting commands as well? Also, please guide us on what information to look for in the output.
K S Rathnam.