Refer to Cisco Technical Tips Conventions for more information on document conventions. If your network is live, make sure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment.
The information in this document is based on these software and hardware versions: Prerequisites RequirementsĬisco recommends that you have knowledge of IPsec VPN configuration on these Cisco devices:Ĭisco VPN 3000 Series Concentrators ( Optional) It is recommended that these solutions be implemented with caution and in accordance with your change control policy. Warning: Many of the solutions presented in this document can lead to a temporary loss of all IPsec VPN connectivity on a device. Note: You can look up any command used in this document with the Command Lookup Tool (registered customers only). Note: ASA/PIX will not pass multicast traffic over IPsec VPN tunnels. Note: Refer to IP Security Troubleshooting - Understanding and Using debug Commands to provide an explanation of common debug commands that are used to troubleshoot IPsec issues on both the Cisco IOS ® Software and PIX.
Note: Even though the configuration examples in this document are for use on routers and security appliances, nearly all of these concepts are also applicable to the VPN 3000 concentrator.
If you need configuration example documents for the site-to-site VPN and remote access VPN, refer to the Remote Access VPN, Site to Site VPN (L2L) with PIX, Site to Site VPN (L2L) with IOS, and Site to Site VPN (L2L) with VPN3000 sections of Configuration Examples and TechNotes. As a result, this document provides a checklist of common procedures to try before you begin to troubleshoot a connection and call Cisco Technical Support. Many of these solutions can be implemented prior to the in-depth troubleshooting of an IPsec VPN connection. These solutions come directly from service requests that the Cisco Technical Support have solved.
This document contains the most common solutions to IPsec VPN problems.