How do I tell when the site to site VPN is established?

Discussion in 'Cisco' started by Kevin Tubbs, Apr 7, 2007.

    Kevin Tubbs

    I'm trying to establish a site to site, or LAN to LAN VPN, which should
    allow full access between LAN "A" and LAN "B". Once I have the config set
    up the way it should be, does the VPN tunnel just "automagically" appear?
    Do I have to do "something" to make it happen? Do I have to reboot the ASA?
    How do I tell if it is working?

    I'm doing all of the config using remote access (via ASDM) to the two ASA
    5505s in question, so I can't see the "VPN" light on the front of the unit,
    nor do I have access to try a ping from a machine on one LAN to a machine on
    the other LAN. The only pinging I can try is from the ping function in

    Should the VPN "counter" on the main screen of ASDM change from 0 to 1 as
    soon as I get the config correct, or does data matching the ACLs have to
    flow before it establishes the tunnel?

    I know these are stupid questions, but I really appreciate any help.
    Kevin Tubbs, Apr 7, 2007

    DarkFiber

    Do you have access to SSH or telnet into the ASAs? If so, you can
    probably do something like:

    sh crypto isakmp sa

    sh crypto ipsec sa

    I can't say I have much experience with the graphical ASDM, so I am not
    sure. From the command line, the show crypto area is where you will want
    to be to find most of your relevant info, assuming the ASAs even have
    those commands.
    DarkFiber, Apr 7, 2007
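
An added example, not part of the original thread: with the output of the two show commands from DarkFiber's reply saved as text, a short script can classify each peer by phase 1 state and phase 2 packet counters. The sample output is constructed and its layout is assumed from typical ASA IKEv1 output; the function names and status labels are hypothetical.

```python
import re

# Constructed sample output, not captured from a device. The layout is assumed
# from typical ASA IKEv1 output and can differ between software versions.
SAMPLE_ISAKMP = """\
1   IKE Peer: 203.0.113.2
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
"""
SAMPLE_IPSEC = """\
      current_peer: 203.0.113.2
      #pkts encaps: 42, #pkts encrypt: 42, #pkts digest: 42
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

def phase1_states(text):
    """Map each IKE peer to its reported State (MM_ACTIVE = phase 1 up)."""
    states, peer = {}, None
    for line in text.splitlines():
        if m := re.search(r"IKE Peer:\s*(\S+)", line):
            peer = m.group(1)
        if (m := re.search(r"State\s*:\s*(\S+)", line)) and peer:
            states[peer] = m.group(1)
    return states

def phase2_counters(text):
    """Sum (encaps, decaps) packet counters over all IPsec SAs of each peer."""
    counters, peer = {}, None
    for line in text.splitlines():
        if m := re.search(r"current_peer:\s*(\S+)", line):
            peer = m.group(1)
            counters.setdefault(peer, [0, 0])
        for idx, key in enumerate(("encaps", "decaps")):
            if (m := re.search(rf"#pkts {key}:\s*(\d+)", line)) and peer:
                counters[peer][idx] += int(m.group(1))
    return {p: tuple(c) for p, c in counters.items()}

def tunnel_status(isakmp_text, ipsec_text):
    """Classify each peer as down, phase1-only, no-two-way-traffic or up."""
    p1, p2 = phase1_states(isakmp_text), phase2_counters(ipsec_text)
    result = {}
    for peer in sorted(set(p1) | set(p2)):
        if p1.get(peer) != "MM_ACTIVE":
            result[peer] = "down"
        elif peer not in p2:
            result[peer] = "phase1-only"
        else:
            enc, dec = p2[peer]
            result[peer] = "up" if enc and dec else "no-two-way-traffic"
    return result
```

Calling tunnel_status(SAMPLE_ISAKMP, SAMPLE_IPSEC) reports the sample peer as no-two-way-traffic, because packets were encapsulated but none were decapsulated. The check treats only MM_ACTIVE as an established phase 1, so a peer negotiated in aggressive mode would need its own state added.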
