Hi everyone, what debugging steps would you take to identify that the wrong tunnel key has been configured.
Any pointers much appreciated.
Cheers,
Tom
Hello Thomas
If you’re working with an ASA, then take a look at this Cisco documentation on troubleshooting mismatched pre-shared keys…
I hope this has been helpful!
Laz
For IKE Phase 1, check out this quick guide: https://www.tunnelsup.com/isakmp-ike-phase-1-status-messages/
When you run show crypto isakmp sa you’ll see the wait messages for your peers. If you get stuck on MSG4 or MSG5 you’re stuck at the key negotiation point. Spam the command, because e the wait messages change as the negotiation tries and fails going through the process.