Solved: IPsec traffic debugging on Maestro

s_milidrag

Hi all,

Does anybody can let me know how to debug IPsec on Maestro with # vpn debug trunc ALL=5

Actually my question is where to run this command (I have two MHO with three GW blades)

tanks

SM

Dario_Perez

Traffic passing through Security Group, the MHO is only pass through. So, all debug should be done on Security Group.

run g_all before to use the debug commands to run on all SGM at same time. since traffic might pass through others SGM

At the end check size and time for ike.elg file

g_all ls -lr -h $FWDIR/log/ike.elg

you should see if file size is bigger than 0 and if time if for today, therefore that is the file you need.

Also recommend to open a case with TAC.

the_rock

Maybe someone else can confirm, but since I installed elasticxl on R82, I was able to do it from main site expert mode.

Andy

[Expert@CP-EXL-1-s01-01:0]# vpn debug trunc ALL=5
[Expert@CP-EXL-1-s01-01:0]#

Dario_Perez

when you are in expert you run command locally you have to use g_all to run on all SGM

the_rock

I was just about to ask that 🙂

I see what you mean.

Andy

[Expert@CP-EXL-1-s01-01:0]# g_all
1_01:
[Expert@CP-EXL-1-s01-01:0]#

Dario_Perez

right in your case you have only 1 SGM, when you add more and you run g_all you can see the output on each line.

the_rock

Yep, thanks for that, I have slightly updated version as well.

Cheers,

Andy

Dario_Perez

Traffic passing through Security Group, the MHO is only pass through. So, all debug should be done on Security Group.

run g_all before to use the debug commands to run on all SGM at same time. since traffic might pass through others SGM

At the end check size and time for ike.elg file

g_all ls -lr -h $FWDIR/log/ike.elg

you should see if file size is bigger than 0 and if time if for today, therefore that is the file you need.

Also recommend to open a case with TAC.