This chapter will focus on how to troubleshoot IPsec sessions on Cisco routers. I've broken the chapter into two areas on troubleshooting: ISAKMP/IKE Phase 1 and Phase 2 issues. I'll show you how ISAKMP/IKE Phase 1 and 2 connections are built using debug commands and what to look for when there is a problem with either of these phases. I'll also discuss a new feature in the IOS called VPN Monitoring, which allows you to determine problems with IPsec sessions more easily. The last part of the chapter will deal with one main issue with any type of VPN implementation: fragmentation.
Note
This chapter by no means covers all possible problems you'll experience with IPsec sessions on Cisco routers. However, I hope to provide you with the necessary background so that troubleshooting IPsec sessions is a simpler process. I could easily talk about troubleshooting IPsec sessions on routers for over 200 pages, but because of all of the other topics in this book, I'll keep my discussion to a reasonable number of pages. Plus, the solutions I discuss here, such as how to troubleshoot fragmentation problems, can be applied easily to other Cisco VPN products.