Cisco Cisco IOS Software Releases 12.2 MC Libro bianco
IPSec Stateful Failover (VPN High Availability)
Debug Configuration Tasks and Examples
31
Cisco IOS Release 12.2(11)YX, 12.2(11)YX1, 12.2(14)SU, 12.2(14)SU1, and 12.2(14)SU2
Debug Configuration Tasks and Examples
This section provides the following debug configuration tasks and examples:
•
•
•
•
Clearing Dormant SAs on Standby Routers
Perform the following commands in EXEC mode to clear associated SA entries:
Debugging
Perform the following commands in EXEC mode to enable debugging:
To prevent debug messages from flooding the console, disable the console log and enable the buffer log
as follows:
as follows:
Router# configure terminal
Router(config)# logging buffered
Router(config)# no logging console
Command
Purpose
Router# clear crypto isakmp ha
[standby][resync]
Clears all dormant (standby) entries from the device. If the resync
keyword is used, all standby IKE SAs will be removed, and a
resynchronization of state will occur.
keyword is used, all standby IKE SAs will be removed, and a
resynchronization of state will occur.
Router# clear crypto sa ha standby [peer
ip address | resync]
Clears all standby SAs for the device if peer is specified.
Command
Purpose
Router# debug crypto isakmp ha [detail | fsm |
update
]
Enables basic debug messages related to the IKE
HA Manager itself, as well as its interactions with
the ISADB.
HA Manager itself, as well as its interactions with
the ISADB.
Router# debug crypto ipsec ha [detail | fsm | update]
Enables IPSec HA debugging.
Router# debug ssp [fsm | socket | packet | peers |
redundancy
| config]
Enables SSP debugging.