Commands used to debug IKE and VPN failures are entered on the Security Gateway involved in the VPN communication. There should not be any noticeable overhead on the Security Gateway due to enabling debug of IKE and VPN failures. The Security Gateway does not require a restart or reboot to enable debug of IKE and VPN failures.
The output is written in a text format to the respective file(s) in the
'vpn debug on' command activates debugging mode of VPND, the vpn daemon. Debug output will be written to the $FWDIR/log/vpnd.elg file. In order to turn it off, simply type: 'vpn debug off'.
'vpn debug ikeon' command turns on IKE debugging mode. IKE packets will be written to the $FWDIR/log/ike.elg file. In order to turn it off, simply type: 'vpn debug ikeoff'.
'vpn debug trunc' empties the ike.elg file, adds a stamp line "...TRUNCATE issued..." and enables both VPN and IKE debugging.
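The commands above can be combined into a single capture session that starts from a truncated ike.elg, leaves debugging switched off afterwards, and keeps a timestamped copy of both log files. This is an added example, not Check Point's own tooling: the function name `collect_vpn_debug`, its arguments and the `/var/tmp` default are hypothetical, and it assumes `vpn` is on the PATH and `$FWDIR` is set, as in a shell on the Security Gateway.

```bash
# Added example (hypothetical helper, not part of the product).
# Usage: collect_vpn_debug [seconds_to_wait] [output_root]
collect_vpn_debug() {
    wait_secs="${1:-60}"        # time allowed to reproduce the VPN failure
    out_root="${2:-/var/tmp}"   # assumed location for the copies
    [ -n "$FWDIR" ] || { echo "FWDIR is not set" >&2; return 1; }

    dest="$out_root/vpn_debug_$(date +%Y%m%d_%H%M%S)"
    mkdir -p "$dest" || return 1

    # If the capture is interrupted, still switch both debug modes off.
    trap 'vpn debug off; vpn debug ikeoff' INT TERM

    # Empty ike.elg, stamp it, and enable VPN and IKE debugging in one step.
    vpn debug trunc || { trap - INT TERM; return 1; }
    if ! grep -q "TRUNCATE issued" "$FWDIR/log/ike.elg" 2>/dev/null; then
        echo "warning: no TRUNCATE stamp in ike.elg; it may hold older data" >&2
    fi

    echo "Debug enabled; reproduce the failure within ${wait_secs}s" >&2
    sleep "$wait_secs"

    # Turn off VPND debugging and IKE debugging separately.
    vpn debug off
    vpn debug ikeoff
    trap - INT TERM

    # Copy the two debug files named above, if they exist.
    for f in ike.elg vpnd.elg; do
        if [ -f "$FWDIR/log/$f" ]; then
            cp -p "$FWDIR/log/$f" "$dest/"
        fi
    done

    # The only line written to stdout is the directory holding the copies.
    echo "$dest"
}
```

The copied files can contain peer addresses and negotiation details, so keep the output directory readable only by administrators.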