debugging on a 2811 router

Posted on 2011-10-20
Last Modified: 2012-05-12

Need help with some syntax.
Site A and Site B have an ipsec tunnel between each other and crypto map is applied to their outside interfaces.

I want to debug traffic on site A as it enters the tunnel to get encrypted to go to site B.

Don't have much experience doing this on a router.

Site A: needs to access site B via port 25

Need to debug on the inside interface. What is the best way to do it? Debug ip packet? Please provide syntax if possible.
Question by:trojan81

    LVL 32

    Expert Comment


    debug crypto ipsec sa
    debug crypto isakmp
    debug crypto engine

    harbor235 ;}
    LVL 16

    Expert Comment

    To be clear, you want to see the traffic before it's encrypted, but only the traffic that's going to be encrypted?

    So you have an ACL that defines interesting traffic . . . say ACL 150

    debug ip packet 150 detail dump

    harbor235 gave you commands to debug IPSEC traffic, but it sounds like you want to see the actual traffic (payload). The command I gave you will display a mess.

    Good luck,

    Author Comment

    I just want to see the traffic as it comes into the inside interface about to get encrypted and sent out the outside interface where the crypto map is applied.

    In short, I just want to say "yes the traffic is at least making it to the VPN router". I don't care if it enters the tunnel or not. Just want to see it arrive at the doorstep.
    LVL 32

    Accepted Solution


    Like Steve J shows:

    debug ip packet 150   (where 150 is acl 150)

    access-list 150 permit ip
    access-list 150 permit ip  
    ****** (assumed outside interface was*****

    router# term mon
    router(config)# logging con

    harbor235 ;}
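
An added example, not part of the original thread: the same ACL-filtered `debug ip packet` approach narrowed to the port 25 traffic the question describes, with output sent to the log buffer instead of the console. ACL number 199 and the addresses 10.1.1.0/24 (Site A inside LAN) and 10.2.2.25 (Site B mail host) are constructed placeholders; a separate ACL is used so the crypto map's own ACL is not modified.

```cisco
! Constructed placeholders: 10.1.1.0/24 = Site A inside LAN,
! 10.2.2.25 = Site B mail host, 199 = unused extended ACL number.
configure terminal
 ! Match only SMTP from Site A to Site B, plus the replies.
 access-list 199 permit tcp 10.1.1.0 0.0.0.255 host 10.2.2.25 eq 25
 access-list 199 permit tcp host 10.2.2.25 eq 25 10.1.1.0 0.0.0.255
 ! Keep debug output off the console line; collect it in the buffer.
 no logging console
 logging buffered 64000 debugging
end
!
! Filter the debug through ACL 199 so only the SMTP flow is printed.
! debug ip packet shows process-switched packets only; transit traffic
! that is fast/CEF-switched will not be printed.
debug ip packet 199 detail
!
! Generate a connection to port 25 from Site A, then read the buffer.
! Lines with s=10.1.1.x, d=10.2.2.25 confirm arrival at the router.
show logging
!
! Always turn debugging off and remove the temporary ACL afterwards.
undebug all
configure terminal
 no access-list 199
end
```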

