ISAKMP/IKE Phase 2 Connections

In this section I’ll discuss some security appliance commands you can use to troubleshoot ISAKMP/IKE Phase 2 connections. I’ll begin by briefly describing the commands you can use and then, in later sections, I’ll discuss some of these commands in more depth.

Overview of the Phase 2 Commands

If you’re experiencing problems with establishing IPsec data connections with an IPsec peer, you could use several PIX/ASA commands to help pinpoint the problem. Here’s a brief summary of these commands:

  • show crypto engine [verify]— Displays the usage statistics for the appliance’s crypto engine (FOS 6.x only); the verify parameter runs the Known Answer Test (KAT), which checks the integrity of the cryptography engine used ...

Get The Complete Cisco VPN Configuration Guide now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.