- Reset IKE and ISAKMP keys using the vpn tu command
- Enable debugging for IKE and VPND
[Expert@HostName]# vpn debug trunc
[Expert@HostName]# vpn debug on TDERROR_ALL_ALL=5
- Run fw monitor to capture packets on the firewall
[Expert@HostName]# fw monitor -e "accept;" -o /var/log/capture.cap
- In another shell, start kernel debugging with the following parameters
[Expert@HostName]# fw ctl debug 0
[Expert@HostName]# fw ctl debug -buf 32000
[Expert@HostName]# fw ctl debug -m fw + conn drop vm crypt
[Expert@HostName]# fw ctl debug -m VPN all
[Expert@HostName]# fw ctl kdebug -T -f > /var/log/kerneldebug.txt
- Generate traffic across the tunnel and try to replicate the issue
- Stop debugging
Press CTRL-C in the shell where fw ctl kdebug is running, then run
[Expert@HostName]# fw ctl debug 0
Stop VPN debugging and fw monitor
[Expert@HostName]# vpn debug off
[Expert@HostName]# vpn debug ikeoff
Press Ctrl-C in the shell where fw monitor is running
Debug information is contained in the following files:
/var/log/capture.cap from the Security Gateway
/var/log/kerneldebug.txt from the Security Gateway
$FWDIR/log/ike.elg* from the Security Gateway
$FWDIR/log/ikev2.xml* from the Security Gateway
$FWDIR/log/vpnd.elg* from the Security Gateway
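Once debugging is stopped, the files listed above can be bundled for analysis or a support case. The function below is an added example, not part of the original post: the name collect_vpn_debug and its arguments are hypothetical, and it assumes $FWDIR is set (as in Expert mode) and that cp, tar, date and sha256sum are available on the gateway.

```bash
# Added example (not from the original post).
# collect_vpn_debug OUT_DIR [LOG_DIR]  -> prints the path of the archive it wrote
# Assumptions: $FWDIR is set; LOG_DIR defaults to /var/log; sha256sum exists.
collect_vpn_debug() (
    out_dir="$1"
    log_dir="${2:-/var/log}"
    fw_log="${FWDIR:?FWDIR is not set}/log"
    [ -n "$out_dir" ] || { echo "usage: collect_vpn_debug OUT_DIR [LOG_DIR]" >&2; exit 2; }

    # Packet captures and debug logs can hold cleartext traffic and IKE
    # negotiation details, so the working directory and the archive are
    # created with owner-only permissions.
    umask 077
    name="vpn-debug-$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$out_dir/$name" || exit 1

    copied=0
    # Fixed-name files first, then the rotating logs (ike.elg, ike.elg.0, ...).
    # A glob that matches nothing stays literal and is reported as skipped.
    for f in "$log_dir/capture.cap" "$log_dir/kerneldebug.txt" \
             "$fw_log"/ike.elg* "$fw_log"/ikev2.xml* "$fw_log"/vpnd.elg*; do
        if [ -s "$f" ]; then
            cp -p "$f" "$out_dir/$name/" && copied=$((copied + 1))
        else
            echo "skipped (missing or empty): $f" >&2
        fi
    done
    [ "$copied" -gt 0 ] || { echo "nothing to collect" >&2; rmdir "$out_dir/$name"; exit 1; }

    # Record checksums so the files can be verified after transfer.
    sums="$(cd "$out_dir/$name" && sha256sum -- *)" || exit 1
    printf '%s\n' "$sums" > "$out_dir/$name/SHA256SUMS"

    tar -czf "$out_dir/$name.tgz" -C "$out_dir" "$name" || exit 1
    echo "$out_dir/$name.tgz"
)
```

Skipped files are reported on stderr rather than treated as errors, so a missing ike.elg* or ikev2.xml* does not stop the collection.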