Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer
 Support Center > Search Results > SecureKnowledge Details
Support Center
 Print    Email
Enabling IKE and VPN debugging

Solution ID: skI4326
Product: IPSec VPN
Version: NGX R65, NGX R67, NGX R68, R70, R71, R75, R76, R77
Platform / Model: All
Date Created: 16-Aug-2001
Last Modified: 30-Mar-2014
Rate this document
[1=Worst,5=Best]
Solution

Commands used to debug IKE and VPN failures are entered on the Security Gateway involved in the VPN communication. There should not be any noticeable overhead on the Security Gateway due to enabling debug of IKE and VPN failures. The Security Gateway does not require a restart or reboot to enable debug of IKE and VPN failures. The output is written in a text format to the respective file(s) in the $FWDIR/log directory.

The vpn debug on command activates debugging mode of VPND, the vpn daemon. Debug output will be written to the $FWDIR/log/vpnd.elg file. In order to turn it off, simply type vpn debug off.

The vpn debug ikeon command turns on IKE debugging mode. IKE packets will be written to the $FWDIR/log/ike.elg file. In order to turn it off, simply type vpn debug ikeoff.

vpn debug trunc empties the ike.elg file, adds a stamp line "...TRUNCATE issued..." and enables both VPN and IKE debugging.

For VSX NGX, VSX NGX R65, VSX NGX R67, VSX NGX R68

  • The vpn -vs <vsid> debug on command activates debugging mode of VPND, the vpn daemon.
  • The vpn -vs <vsid> debug ikeon command turns on IKE debugging mode.
  • vpn -vs <vsid> debug trunc empties the ike.elg file, adds a stamp line "...TRUNCATE issued..." and enables both VPN and IKE debugging.
  • Files are not outputted to the $FWDIR/log directory. They will be located in $FWDIR/CTX/CTX<VSID>/log/.

 


 

Related Solutions:


Give us Feedback
Rate this document
[1=Worst,5=Best]
Additional comments...(Max 2000 characters allowed)
Characters left: 2000