Mapping Debug/Event Levels from VPN 3000 Series Concentrators to the ASA


The VPN 3000 Series Concentrator has 13 logging severity levels, while the ASA uses the numbers from 1 through 11, then 254 and 255 to represent different levels of debugging. In both systems, lower numbers indicate greater severity; for example, selecting a severity level of 3 in either system displays only event messages of the three greatest severity levels. Table B-1 shows the mapping between the VPN 3000 Concentrator severity levels and the ASA severity levels.

Table B-1 Debug Level Map

VPN 3000 Debug Level    ASA Debug Level
--------------------    ---------------
1, 2, 3                 1
4                       2
5                       3
6                       4
7                       5
8                       6
9                       7
10                      8
11                      9
12                      10
13                      11, 254, 255


The ASA debug levels 254 and 255 have special meanings.

254 specifies IKE packet decode. This displays a Sniffer-like decoding of fields and values for each IKE packet.

255 specifies an IKE packet dump, which displays the octets within the packets.

Selecting higher-numbered levels results in the display of greater amounts of data, because the capture includes logging messages for that level and for all lower-numbered (that is, more severe) levels.

If you select level 254 or 255, the debug trace queue might overflow. To avoid this overflow, use the capture command, specifying a name for the area in memory that will hold the information and the name of the interface on which to apply packet capture, as follows:

hostname(config)# capture name type isakmp interface interface-name

This command stores the data to an area in memory, which you can then display or write to a file, then post-process to extract the information. See the description of the capture command for more information on its use.