Initiate IKE phase 1 by either pinging a host across
the tunnel or using the following CLI command:
test vpn ike-sa gateway <gateway_name>
Enter the following command to test if IKE phase 1 is set
up:
show vpn ike-sa gateway <gateway_name>
In
the output, check whether the Security Association displays. If
it doesn’t, review the system log messages to interpret the reason
for failure.
Initiate IKE phase 2 by either pinging a host from across
the tunnel or using the following CLI command:
test vpn ipsec-sa tunnel <tunnel_name>
Enter the following command to test if IKE phase 2 is set
up:
show vpn ipsec-sa tunnel <tunnel_name>
In
the output, check whether the Security Association displays. If
it doesn’t, review the system log messages to interpret the reason
for failure.
To view the VPN traffic flow information, use the following
command:
show vpn flow
total tunnels configured: 1
filter - type IPSec, state any
total IPSec tunnel configured: 1
total IPSec tunnel shown: 1
name id state local-ip peer-ip tunnel-i/f
-----------------------------------------------------------------------------------
vpn-to-siteB 5 active 100.1.1.1 200.1.1.1 tunnel.41
