As I prepare for my next (and final) attempt at the CCIE Security lab exam, I am making lists to help speed and accuracy when troubleshooting involved configurations like VPNs. Here is an example list for a basic VPN on the Cisco ASA:
Step 1 – Is ISAKMP enabled on the correct interface? crypto isakmp enable OUTSIDE
Step 2 – Check the ISAKMP policy.
Step 3 – Check the tunnel-group for correct pre-shared key.
Step 4 – Check the transform set.
Step 5 – Check the access-list for interesting traffic definition.
Step 6 – Check the crypto map.
Step 7 – Check the application of the crypto map.
In the heat of battle you can find that having a plan sure beats not having a plan at all. 🙂