VPN – Virtual Private Network

Cisco makes really nice VPN termination gear, especially the ASA 5500 series. I like those: they are easy to set up for VPN and easy to troubleshoot when VPN issues come up. However, VPNs, even plain site-to-site VPNs, are not that friendly on IOS routers.

To clear the don't-fragment (DF) bit on an interface, in case the ISP does not like the MTU of traffic over IPsec:

Router(config)#interface gig 0/0

Router(config-if)#crypto ipsec df-bit clear

Use the following commands to verify the settings of a site-to-site VPN:

Router#show crypto session detail

Router#show crypto isakmp sa detail

Router#show crypto ipsec sa

Router#show crypto engine connections active

Router#show crypto engine connections dropped-packet

Router#show crypto engine connections flow

Router#show crypto engine qos

Router#debug crypto condition peer ipv4

Router#debug crypto isakmp

Router#debug crypto IPsec

Use the following command to re-initiate the tunnel on an IOS device:

Router#clear crypto sa peer
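When reading the output of `show crypto ipsec sa` from the verification list above, the per-SA packet counters are usually the first thing to compare. The following is an added example, not part of the original post: a small Python parser that flags SAs that encapsulate traffic but never decapsulate any, and SAs with send/recv errors. The sample output, addresses and counter values are constructed for illustration.

```python
import re

# Constructed sample of `show crypto ipsec sa` output (documentation addresses, made-up counters).
SAMPLE = """\
interface: GigabitEthernet0/0
    Crypto map tag: CMAP, local addr 192.0.2.1

   remote ident (addr/mask/prot/port): (10.2.0.0/255.255.0.0/0/0)
   current_peer 198.51.100.2 port 500
    #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #send errors 0, #recv errors 0

   remote ident (addr/mask/prot/port): (10.3.0.0/255.255.0.0/0/0)
   current_peer 203.0.113.9 port 500
    #pkts encaps: 884, #pkts encrypt: 884, #pkts digest: 884
    #pkts decaps: 901, #pkts decrypt: 901, #pkts verify: 901
    #send errors 0, #recv errors 7
"""

# Only the counters this check needs; the error counters are printed without a colon.
COUNTER = re.compile(r"#(pkts encaps|pkts decaps|send errors|recv errors):? (\d+)")

def parse_sas(text):
    """Return one dict per SA block: peer, remote proxy identity, counters."""
    sas, remote = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("remote ident"):
            remote = line.split("): ", 1)[1].strip("()")
        elif line.startswith("current_peer"):
            sas.append({"peer": line.split()[1], "remote": remote})
        elif line.startswith("#") and sas:
            for name, value in COUNTER.findall(line):
                sas[-1][name] = int(value)
    return sas

def findings(sas):
    """Flag one-way SAs (encaps but no decaps) and SAs with error counters set."""
    out = []
    for sa in sas:
        if sa.get("pkts encaps", 0) and not sa.get("pkts decaps", 0):
            out.append((sa["peer"], sa["remote"], "encaps without decaps"))
        if sa.get("send errors", 0) or sa.get("recv errors", 0):
            out.append((sa["peer"], sa["remote"], "send/recv errors"))
    return out

if __name__ == "__main__":
    print(*findings(parse_sas(SAMPLE)), sep="\n")
```

An SA with encaps but no decaps means this router is encrypting and sending traffic while nothing is coming back through the tunnel, so the return path and the remote side are the next things to check.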
