Test VPN Connectivity
Focus
Focus

Test VPN Connectivity

Table of Contents
End-of-Life (EoL)

Test VPN Connectivity

Perform this task to test VPN connectivity.
  1. Initiate IKE phase 1 by either pinging a host across the tunnel or using the following CLI command:
    test vpn ike-sa gateway <gateway_name>
  2. Enter the following command to test if IKE phase 1 is set up:
    show vpn ike-sa gateway <gateway_name>
    In the output, check whether the Security Association displays. If it doesn’t, review the system log messages to interpret the reason for failure.
  3. Initiate IKE phase 2 by either pinging a host from across the tunnel or using the following CLI command:
    test vpn ipsec-sa tunnel <tunnel_name>
  4. Enter the following command to test if IKE phase 2 is set up:
    show vpn ipsec-sa tunnel <tunnel_name>
    In the output, check whether the Security Association displays. If it doesn’t, review the system log messages to interpret the reason for failure.
  5. To view the VPN traffic flow information, use the following command:
    show vpn flow 
    total tunnels configured: 		            1 
    filter - type IPSec, state any 
     
    total IPSec tunnel configured:        1 
    total IPSec tunnel shown:                1 
     
    name                    id      state      local-ip       peer-ip       tunnel-i/f 
    ----------------------------------------------------------------------------------- 
    vpn-to-siteB       5       active    100.1.1.1     200.1.1.1     tunnel.41