(17 August 2012)
Digging around in the event log:
netscreen(M)-> get event include [peer ip]
General VPN information:
Confirm Phase 1:
netscreen(M)-> get ike cookie | i [remote peer ip]
Confirm Phase 2:
netscreen(M)-> get sa | i [peer ip]
Get more details on the SA ID:
netscreen(M)-> get sa id 0x00000007
Running a debug:
netscreen(M)-> set ff src-ip [local endpoint] dst-ip [remote endpoint]
netscreen(M)-> undebug all
netscreen(M)-> clear db
netscreen(M)-> debug ike basic
netscreen(M)-> debug flow basic
netscreen(M)-> get db str
Debug Flow Basic should return a detailed accounting of why the firewall is sending packets where, or why not.
(
Source)