|Commands used to debug IKE and VPN failures are entered on the Security Gateway involved in the VPN communication. There is no overhead on the Security Gateway due to enabling debugging mode. The Security Gateway does not require a restart or reboot to enable debugging mode. The output is written in a text format to the respective file(s) in the |
For VSX NGX, VSX NGX R65, VSX NGX R67
|It is very helpful to gather the IKE information in both directions by having both endpoints initiate communications at different times so you can see what each machine proposes to the other and then reconcile the differences. Generate debugs for ike and vpnd on both endpoints.|
These debugs are valid for VPN connections between SecureClient and Security Gateways, as well as for site to site VPN connections.
Note: This article is also relevant for site to site VPN with 3rd Part Security Gateways.
Follow the steps below to generate debug information:
Note: For SecurePlatform you must be logged in as Expert.
|Gather the following information to resolve the VPN related issues:|