I want to find out which phase 2 is associated with a particular phase 1 on a Cisco ASA device.
There are several phase 1 and phase 2 configurations on the device. With the following commands, I can see the active SAs:
show crypto isakmp sa detail
show crypto ipsec sa detail
But there is only one active for each phase. The configuration itself does not explicitly say "This phase 2 is associated with this phase 1" like the FortiGate 60D from Fortinet, for example.
Referring to this doc on the Cisco website, I understand VPN tunnels are established after trying each phase configuration until a match is found.
Is there a way to know on Cisco ASA devices which phase 2 is associated with a particular phase 1?
Best Answer
Another useful VPN show command is:
show vpn-sessiondb detail l2l
ASA Command Reference Guide
This should give you what you are looking for. This command gives quite a bit of information for each tunnel that is negotiated. This can also be utilized to view other types of VPNs. The syntax may be slightly different depending on code version.
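As an added example (not part of the original answer or of Cisco's documentation), this Python parser groups the IKE (phase 1) and IPsec (phase 2) tunnel blocks under each peer in saved `show vpn-sessiondb detail l2l` output. The sample text, its addresses and the `pair_phases` name are constructed for illustration, and the field layout is assumed from typical output and can differ by software version.

```python
import re

# Constructed, abridged sample modelled on "show vpn-sessiondb detail l2l";
# addresses are documentation ranges and the layout can differ by ASA version.
SAMPLE = """\
Connection   : 203.0.113.10
IKEv1:
  Tunnel ID    : 3.1
  Encryption   : AES256                 Hashing      : SHA1
  D/H Group    : 2
IPsec:
  Tunnel ID    : 3.2
  Remote Addr  : 10.2.0.0/255.255.0.0/0/0
  Encryption   : AES256                 Hashing      : SHA1
IPsec:
  Tunnel ID    : 3.3
  Remote Addr  : 10.3.0.0/255.255.0.0/0/0
  Encryption   : AES128                 Hashing      : SHA1
Connection   : 198.51.100.7
IKEv1:
  Tunnel ID    : 5.1
  Encryption   : 3DES                   Hashing      : MD5
IPsec:
  Tunnel ID    : 5.2
  Remote Addr  : 10.9.0.0/255.255.0.0/0/0
  Encryption   : 3DES                   Hashing      : MD5
"""

FIELD = re.compile(r"([A-Za-z/][A-Za-z/ ]*?)\s*:\s+(\S+)")  # keeps first token of a value
SECTION = re.compile(r"(IKEv[12]|IPsec):")

def pair_phases(text):
    """Return {peer: {"phase1": [...], "phase2": [...]}} from the session output."""
    sessions, peer, tunnel = {}, None, None
    for line in text.splitlines():
        header = SECTION.fullmatch(line.strip())
        if header and peer:
            # A section header opens a new tunnel block under the current peer.
            phase = "phase2" if header.group(1) == "IPsec" else "phase1"
            tunnel = {}
            sessions[peer][phase].append(tunnel)
            continue
        for key, value in FIELD.findall(line):
            if key == "Connection":
                peer, tunnel = value, None
                sessions[peer] = {"phase1": [], "phase2": []}
            elif tunnel is not None:
                tunnel[key] = value
    return sessions
```

Running `pair_phases` over a saved capture gives one entry per peer, which makes it easy to spot peers whose phase 1 or phase 2 negotiated a weak transform such as 3DES or MD5.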