debug crypto ipsec level

To debug the VPN, use the debug crypto ipsec level command in User Exec. The no form of the command disables the debugging changing default logging level to 1. and changes default logging level to 1.

debug crypto ipsec level

debug crypto ipsec level <sev_level> { { 1 | } { 2 | } { 3 | } { 4 | } { 5} } { {all | } { app | } { asn | } { cfg | } { chd | } { dmn | } { enc | } { esp | } { ike | } { imc | } { imv | } { job | } { knl | } { lib | } { mgr | } { net | } { pts | } { tls | } { tnc} }

no debug crypto ipsec

no debug crypto ipsec { { 1 | } { 2 | } { 3 | } { 4 | } { 5} } { {all | } { app | } { asn | } { cfg | } { chd | } { dmn | } { enc | } { esp | } { ike | } { imc | } { imv | } { job | } { knl | } { lib | } { mgr | } { net | } { pts | } { tls | } { tnc} }

Parameters

Parameter	Type	Description
`<sev_level>`		Select a debugging level. The levels are as follows:
`1`	Integer	Very basic auditing logs, (e.g. SA up/SA down)
`2`	Integer	Generic control flow with errors, a good default to see what’s going on
`3`	Integer	More detailed debugging control flow
`4`	Integer	Including RAW data dumps in hex
`5`	Integer	Also include sensitive material in dumps, e.g. keys
`all`	Integer	Select for all debug messages
`app`	Integer	Select for applications other than daemons
`asn`	Integer	Select for low-level encoding/decoding (ASN.1, X.509, etc.)
`cfg`	Integer	Select for configuration management and plugins
`chd`	Integer	Select for CHILD_SA/IPsec SA
`dmn`	Integer	Select for Main daemon setup/cleanup/signal handling
`enc`	Integer	Select for Packet encoding/decoding encryption/decryption operations
`esp`	Integer	Select for libipsec library messages
`ike`	Integer	Select for IKE_SA/ISAKMP SA
`imc`	Integer	Select for Integrity Measurement Collector
`imv`	Integer	Select for Integrity Measurement Verifier
`job`	Integer	Select for Jobs queuing/processing and thread pool management
`knl`	Integer	Select for IPsec/Networking kernel interface
`lib`	Integer	Select for libstrongwan library messages
`mgr`	Integer	Select for IKE_SA manager, handling synchronization for IKE_SA access
`net`	Integer	Select for IKE network communication
`pts`	Integer	Select for Platform Trust Service
`tls`	Integer	Select for libtls library messages
`tnc`	Integer	Select for Trusted Network Connect

Mode

User Exec Mode

Examples

iS5comm# debug crypto ipsec level 1 knl

iS5comm# no debug crypto ipsec all