ISAKMP/IKE Phase 2 Connections
In this section I’ll discuss some security appliance commands you can use to troubleshoot ISAKMP/IKE Phase 2 connections. I’ll begin by briefly describing the commands you can use and then, in later sections, I’ll discuss some of these commands in more depth.
Overview of the Phase 2 Commands
If you’re experiencing problems with establishing IPsec data connections with an IPsec peer, you could use several PIX/ASA commands to help pinpoint the problem. Here’s a brief summary of these commands:
show crypto engine [verify]— Displays the usage statistics for the appliance’s crypto engine (FOS 6.x only); the verify parameter runs the Known Answer Test (KAT), which checks the integrity of the cryptography engine used ...