Enable debug output for ISAKMP events

To display messages about IKE events, use the debug crypto isakmp command in privileged EXEC mode. To disable debugging output, use the no form of this command.

Cisco IOS software can generate many useful system error messages for ISAKMP . Two examples of error messages are shown below:

  • %CRYPTO-6-IKMP_SA_NOT_AUTH: Cannot accept Quick Mode exchange from %15i if SA is not authenticated!
    The ISAKMP security association with the remote peer was not authenticated yet the peer attempted to begin a Quick Mode exchange. This exchange must only be done with an authenticated security association. The recommended action is to contact the administrator of the remote peer to resolve the improper configuration.
  • %CRYPTO-6-IKMP_SA_NOT_OFFERED: Remote peer %15i responded with attribute [chars] not offered or changed
    ISAKMP peers negotiate policy by the initiator offering a list of possible alternate protection suites. The responder responded with an ISAKMP policy that the initiator did not offer. The recommended action is to contact the administrator of the remote peer to resolve the improper configuration.
Lab Activity

Lab Exercise: Configure IOS IPSec using Pre-shared Keys

In this lab, students will prepare to configure Virtual Private Network (VPN) support. Students will learn to configure Internet Key Exchange (IKE) phase one. Students will also configure IKE parameters and verify IKE and IP Security (IPSec). Students will then configure the IPSec parameters. Finally, students will test and verify the IPSec configuration.

Lab Activity

e-Lab Activity: Configure Cisco IOS IPSec for Pre-Shared Keys

In this lab activity, the student will configure a secure VPN gateway using IPSec between two Cisco routers to use pre-shared keys for authentication.

Lab Activity

e-Lab Activity: IPSec Transforms Supported in the Cisco IOS Software

In this activity, the student will use help command to display IPSec transform.

Interactive Media Activity

Demonstration Activity: Displaying IKE Policy

In this activity, students will learn how to display IKE policy configurations.