Using L2Tp Debug Commands - Cisco FirePOWER ASA 5500 series Configuration Manual

Chapter 28 Configuring L2TP over IPSec
IPSecOverNatT Sessions: 1
L2TPOverIPSecOverNatT Sessions: 1
IKE:
Session ID
UDP Src Port : 4500
IKE Neg Mode : Main
Encryption
Rekey Int (T): 300 Seconds
D/H Group
IPSecOverNatT:
Session ID
Local Addr
Remote Addr
Encryption
Encapsulation: Transport
Rekey Int (T): 300 Seconds
Idle Time Out: 1 Minutes
Bytes Tx
Pkts Tx
L2TPOverIPSecOverNatT:
Session ID
Username
Assigned IP
Encryption
Idle Time Out: 1 Minutes
Bytes Tx
Pkts Tx
===================

Using L2TP Debug Commands

You can display L2TP debug information using the debug l2tp command in privileged EXEC mode. To
disable the display of debug information, use the no form of this command:
data displays data packet trace information.
error displays error events.
event displays L2TP connection events.
packet displays packet trace information.
level sets the debug message level to display, between 1 and 255. The default is 1. To display additional
messages at higher levels, set the level to a higher number.
The following example enables L2TP debug messages for connection events. The show debug command
reveals that L2TP debug messages are enabled.
hostname# debug l2tp event 1
hostname# show debug
debug l2tp event enabled at level 1
hostname#
OL-10088-01
: 1
: 3DES
: 2
: 2
: 80.208.1.2/255.255.255.255/17/1701
: 70.208.1.2/255.255.255.255/17/0
: 3DES
: 1209
: 20
: 3
: v_gonzalez
: 90.208.1.202
: none
: 584
: 18
debug l2tp {data | error | event | packet} level
Viewing L2TP over IPSec Connection Information
UDP Dst Port : 4500
Auth Mode : rsaCertificate
Hashing : MD5
Rekey Left(T): 294 Seconds
Hashing : MD5
Rekey Left(T): 293 Seconds
Idle TO Left : 1 Minutes
Bytes Rx : 2793
Pkts Rx : 32
Auth Mode : PAP
Idle TO Left : 1 Minutes
Bytes Rx : 2224
Pkts Rx : 30
Cisco Security Appliance Command Line Configuration Guide
28-7