Table of Contents
Advertisement
Chapter 5
Troubleshooting SpeedTouch™ IPSec
Via Syslog messages
168
The Syslog protocol is a powerful mechanism to investigate network issues. It
allows for logging events occurred on the device.
The Syslog messages can be retrieved in two ways:
locally
Use these CLI command to retrieve the history of Syslog messages:
:syslog msgbuf show
IPSec related syslog messages are disabled by default. Logging can be
enabled or disabled by the following command:
=>IPSec
[ipsec]=>debug
[ipsec debug]=>syslog state
disabled
[ipsec debug]=>syslog state disabled
[ipsec debug]=>
remotely
Configure a remote Syslog server to which all logged Syslog messages are
sent. Using the rule indicated below causes all Syslog messages with severity
debug or higher to be sent towards the machine with IP address "90.0.0.138":
:syslog ruleadd fac=all sev=debug dest=90.0.0.138
Below a typical example of Syslog rules logging the rekeying of a Phase 2 tunnel.
First the new Phase 2 tunnel is negotiated and 4 seconds later the old and expired
Phase 2 tunnel is deleted.
...
<6> SysUpTime: 14:12:50 VPN : Rekey Phase 2: Loc:141.*.*.*, Rem:192.168
.1.* (50.0.0.139)
<6> SysUpTime: 14:12:50 VPN : AddSa: SPIs(OUT/IN):D40467B8/
5F0E9992 Loc:141.*.*.* Rem:192.168.1.* (50.0.0.139) Prot:ESP-AES[128]-
HMAC-MD5 Exp:0h:10m:00s
<6> SysUpTime: 14:12:54 VPN : DelSa: SPIs(OUT/IN):04D3EF01/
1CF5AAF2 Time=0h:07m:41s
...
enabled
E-DOC-CTC-20051017-0169 v0.1
Advertisement
Table of Contents
