Great video, BUT as we all know, we CANNOT USE DEBUG in PRODUCTION, so it would be nice to mention that some of those steps, excluding debug, we can use to troubleshoot VPN issues.
Awesome video, thanks. Just one question: does the command debug ip packet detail debug all packets coming to the device? If yes, then I guess it's highly risky to run it in a production environment where there are 2000 sessions or more... Is it possible to somehow filter this debug to just IPsec? Or specifically to debug packets destined to/sourced from a particular IP? Thanks
Hello there, and thanks very much for the great troubleshooting tips. One question though, regarding the first topic/possible cause of the issue, 'routing': I don't know if I agree. What if R1 is a completely different organization/business that wants to connect to a server in R3 to pull some data from their network securely using an IPsec site-to-site VPN? Of course, there is not going to be a route in the routing tables of either R1 or R3 for each other's networks. I hope I am describing the question clearly. Thanks, and I look forward to your response.
Yes, this is right, but I guess currently the traffic from R1 to R3 and vice versa is not working due to the absence of a default route. In most scenarios, in most organisations, you have a default route towards your perimeter device; in case the VPN gateway is separate, a route is required at the core towards that VPN gateway.