For When You Can't Have The Real Thing
[ start | index | login ]
start > Netscreen > VPN Debugging

VPN Debugging

Created by dave. Last edited by dave, 11 years and 242 days ago. Viewed 4,657 times. #3
[diff] [history] [edit] [rdf]
(17 August 2012)

Digging around in the event log:

netscreen(M)-> get event include [peer ip]

General VPN information:

netscreen(M)-> get vpn

Confirm Phase 1:

netscreen(M)-> get ike cookie | i [remote peer ip]

Confirm Phase 2:

netscreen(M)-> get sa | i [peer ip]

Get more details on the SA ID:

netscreen(M)-> get sa id 0x00000007

Running a debug:

netscreen(M)-> set ff src-ip [local endpoint] dst-ip [remote endpoint] 
netscreen(M)-> undebug all
netscreen(M)-> clear db
netscreen(M)-> debug ike basic
netscreen(M)-> debug flow basic
netscreen(M)-> get db str

Debug Flow Basic should return a detailed accounting of why the firewall is sending packets where, or why not.


no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful: | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt