Debug OSPF & IPsec

Hi everyone, what debugging steps would you take to identify that the wrong tunnel key has been configured.

Any pointers much appreciated.


Hello Thomas

If you’re working with an ASA, then take a look at this Cisco documentation on troubleshooting mismatched pre-shared keys…

I hope this has been helpful!


For IKE Phase 1, check out this quick guide:

When you run show crypto isakmp sa you’ll see the wait messages for your peers. If you get stuck on MSG4 or MSG5 you’re stuck at the key negotiation point. Spam the command, because e the wait messages change as the negotiation tries and fails going through the process.