Table of Contents
Advertisement
Virtual Private Networks (VPN)
Debug an IPsec configuration
If you experience issues with an IPsec tunnel not being successfully negotiated with the remote end of
the tunnel, you can enable IPsec debug messages to be written to the system log. See
and event logs
for more information about viewing the system log.
There are two methods to enable IPsec debug messages:
From the Admin CLI—Sets the debug level to 1 (basic debugging information only).
n
From the interactive shell—Allows for more detailed debug information.
n
Use the Admin CLI to set the IPsec debug level to 1
To set the debug level to 1 by using the Admin CLI:
Command line
1. Log into the IX20 command line as a user with full Admin access rights.
Depending on your device configuration, you may be presented with an Access selection
menu. Type admin to access the Admin CLI.
2. At the command line, type config to enter configuration mode:
> config
(config)>
3. Set the action ipsec debug command to true:
config> action ipsec debug true
config>
4. Save the configuration and apply the change:
(config)> save
Configuration saved.
>
5. Type exit to exit the Admin CLI.
Depending on your device configuration, you may be presented with an Access selection
menu. Type quit to disconnect from the device.
This sets the IPsec debug level to 1.
Use the interactive shell to set the IPsec debug level
By using the interactive shell to set the debug level, you can enable the IX20 device to write additional
debug messages to the system log. The command accepts the following values to set the debug level:
-1 — (Default) No debug information is written. This is the equivalent of turning off debug
n
messages for IPsec.
0 — Basic auditing logs, (for example, SA up/SA down).
n
1 — Generic control flow with errors. Select this for basic debugging information.
n
2 — More detailed debugging control flow.
n
IX20 User Guide
IPsec
View system
326
Advertisement
Table of Contents
