Hey guys. Any idea why IKEView is not showing my IKE capture logs? I can view the info in notepad. It shows only some captures and I can't figure out what the issue is.
I'm running the app on Win11.
Thank you.
Is it latest ikeview utility?
Andy
I thought so?...Let me double check. Yes. appears to be latest one. Version 200.0.0.4.
Isn't it supposed to be able to open all ike.elg files?
I know you can't send the actual ike file, but if you have random one that does not have any sensitive info, happy to try here.
Andy
Thanks man. I can't inspect them right now but thank you. Weird.
You got it. One I sent you is definitely the latest one.
Andy
So it appears you can't open up iked.elg files. ok. Some captures I do not have anything but iked files.
Correct...ONLY ike.elg
Yes sir, 100%
Morning! Quick question. How can I get my R81.20 gateway to generate Ike.elg logs? Or is there a way to analyze Ike’s.elg files as easily?
Thank you again!
vpn debug trunc (rotates vpn debug files)
vpn debug ikeon
-leave it on for few mins
vpn debug ikeoff
check $FWDIR/log dir
Thanks man. I’ll give it a shot. I don’t think I was leaving it on long enough.
Just used ikeview I sent you to open ike.elg file from customer's R81.20 fw we generated 2 weeks ago or so and worked like a charm, no issues.
Andy
Hello
I am using v81.20 on the GW, I executed the commands in the same order, I left it active for about 3 minutes (with 400 tunnels connected) and switched off debug, but the files generated display nothing on IKEview. I checked the log folder and this is the result:
[Expert@GW2-Customer:0]# ls -l /opt/CPsuite-R81.20/fw1/log/ike*
-rw-rw---- 1 admin root 1854537 Jun 5 03:25 /opt/CPsuite-R81.20/fw1/log/iked0.elg
-rw-rw---- 1 admin root 1786066 Jun 5 02:50 /opt/CPsuite-R81.20/fw1/log/iked0.elg.0
-rw-rw---- 1 admin root 253409 Jun 4 16:57 /opt/CPsuite-R81.20/fw1/log/iked0.elg.1
-rw-rw---- 1 admin root 83585 Jun 5 03:25 /opt/CPsuite-R81.20/fw1/log/iked0.ikev1trace
-rw-rw---- 1 admin root 34789 Jun 5 02:50 /opt/CPsuite-R81.20/fw1/log/iked0.ikev1trace.0
-rw-rw---- 1 admin root 36530 Jun 5 03:25 /opt/CPsuite-R81.20/fw1/log/iked0.ikev2trace
-rw-rw---- 1 admin root 21986 Jun 5 02:50 /opt/CPsuite-R81.20/fw1/log/iked0.ikev2trace.0
-rw-rw---- 1 admin root 1672173 Jun 5 03:25 /opt/CPsuite-R81.20/fw1/log/iked1.elg
-rw-rw---- 1 admin root 1340670 Jun 5 02:50 /opt/CPsuite-R81.20/fw1/log/iked1.elg.0
-rw-rw---- 1 admin root 253423 Jun 4 16:57 /opt/CPsuite-R81.20/fw1/log/iked1.elg.1
-rw-rw---- 1 admin root 40875 Jun 5 03:25 /opt/CPsuite-R81.20/fw1/log/iked1.ikev1trace
-rw-rw---- 1 admin root 23231 Jun 5 02:50 /opt/CPsuite-R81.20/fw1/log/iked1.ikev1trace.0
-rw-rw---- 1 admin root 38591 Jun 5 03:25 /opt/CPsuite-R81.20/fw1/log/iked1.ikev2trace
-rw-rw---- 1 admin root 22920 Jun 5 02:49 /opt/CPsuite-R81.20/fw1/log/iked1.ikev2trace.0
-rw-rw---- 1 admin root 1510118 Jun 5 03:25 /opt/CPsuite-R81.20/fw1/log/iked2.elg
-rw-rw---- 1 admin root 1119064 Jun 5 02:50 /opt/CPsuite-R81.20/fw1/log/iked2.elg.0
-rw-rw---- 1 admin root 262308 Jun 4 16:57 /opt/CPsuite-R81.20/fw1/log/iked2.elg.1
-rw-rw---- 1 admin root 41765 Jun 5 03:24 /opt/CPsuite-R81.20/fw1/log/iked2.ikev1trace
-rw-rw---- 1 admin root 16719 Jun 5 02:49 /opt/CPsuite-R81.20/fw1/log/iked2.ikev1trace.0
-rw-rw---- 1 admin root 32955 Jun 5 03:24 /opt/CPsuite-R81.20/fw1/log/iked2.ikev2trace
-rw-rw---- 1 admin root 20405 Jun 5 02:50 /opt/CPsuite-R81.20/fw1/log/iked2.ikev2trace.0
[Expert@GW2-Customer:0]# ls -l /opt/CPsuite-R81.20/fw1/log/vpn*
-rw-rw---- 1 admin root 25026 Jun 5 03:25 /opt/CPsuite-R81.20/fw1/log/vpnd.elg
-rw-rw---- 1 admin root 77093 Jun 5 02:50 /opt/CPsuite-R81.20/fw1/log/vpnd.elg.0
-rw-rw---- 1 admin root 310379 Jun 4 16:57 /opt/CPsuite-R81.20/fw1/log/vpnd.elg.1
-rw-rw---- 1 admin root 20 Jun 5 03:22 /opt/CPsuite-R81.20/fw1/log/vpnd.ikev1trace
-rw-rw---- 1 admin root 20 Jun 5 02:48 /opt/CPsuite-R81.20/fw1/log/vpnd.ikev1trace.0
-rw-rw---- 1 admin root 0 Jun 5 03:22 /opt/CPsuite-R81.20/fw1/log/vpnd.ikev2trace
I checked on IKEview files vpnd.elg and iked0.elg, but nothing displayed on it. I tried with versions 200.0.0.5 and 200.0.0.4, and the result is the same. Due to confidentiality I can't attach the complete files, this is a part of iked0.elg:
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][ikev2] getIKEVersionForCommunity: Community configured to support both IKE versions, with preference to IKEv2
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][ikev2] Message::Message: New incoming request from original responder with message id 3647319518
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][ikev2] Message::Message: i-spi: 4b3956b17ab2d2c5, r-spi: 5c128864f98c3cf7, next: 11, version: 16, ex type: 5, flags: 0 (enc:0, req:1, init:0), msg id: -647647778, len: 40
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][ikev2] messageLayer::isIkev2Message: message is not an ikev2 message
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][ikev2] Message::~Message: entering
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] IsRetrans: packet wasn't found in retransmission cache -> adding it to cache
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] SetRetrans: set data in retransmission cache -> md5 = d899ff65_38824c72_54e23639_c4cd5610 cookie_I = 4b3956b17ab2d2c5 , cookie_R = 5c128864f98c3cf7
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05] fwipsechost_from_ipxaddr: calling GetEntryXIsakmpObjectsHash for 148.222.133.17 returned obj: 0x1310a6a0
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05] canonize_gw: Canonized ip is the same as original ip 148.222.133.17
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] fwisakmpd_process_incoming_data: isTunnelPerInterface=0 me=0 peer_ip=0 peer=94de8511 local_ifn=-1
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] fwisakmpd_process_incoming_data: Notification type: 14
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] NegotiationTable::MatchCookieIMsgID: Found match (0x133ef140) for cookie: 4b3956b17ab2d2c5 msgID: 00
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] neg ptr: 133ef140 ass: 12370330 wait4: 00
msgId: 00 method: 215 02 cookie: 4b3956b17ab2d2c5
req type: 3 SPIs: 00
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] fwisakmpd_process_incoming_data: Received notification while in P1.
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] Negotiation::setinfo: entered. This: 0x12bb6930, data: (nil), len: 0
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] Negotiation::setinfo: data is NULL
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05] fw_dtab_table_get_impl: fw_dtab_get_multik failed
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] fwisakmpd_process_incoming_data: setting om 0.
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] NegotiationTable::AddNegotiation: peer=17.133.222.148, peer_ip=0.0.0.0, my_ip=0.0.0.0, local_ifn=-1, local_os_ifn=0
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] NegotiationTable::AddNegotiation: New count will be: 2 Adding:
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] neg ptr: 12bb6930 ass: 1352ff10 wait4: 00
msgId: dead65d9 method: 00 00 cookie: 4b3956b17ab2d2c5
req type: 0 SPIs: 00
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][stat] vpn_inc_status_VPND_counter: enter for counter 7
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] New TransportConnection (4390996 Total: 13)
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] UDPConnection::UDPConnection: Enter (copy ctor) peer: 148.222.133.17
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] UDPConnection::UDPConnection: conn.m_txSocket: 0xe55cc28, 0x137abcd0.
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] TalkToEngine: call to FwIkeEngine (neg->getCountedNegFlag is 0 )
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] extended_log_info_create, entered.
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] < FWIKE_ROLE_START > Id = 278343
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] < FWIKE_ROLE_RESPONDER > Id = 278343
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] FwIkeResponder: entering
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] FwIkeResponderOnEnter: idRanges NOT USED mine [0-0] peer's [0-0]
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05] findSAByTunnel: Find SA with cookies 4b3956b17ab2d2c5,5c128864f98c3cf7 from packet
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05] findSAByTunnel: Valid ISAKMP SA was not found. peer=94de8511
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] ResponderOnEnter: create new p1state
Any idea what may happen?
Thanks in advance.
What is the size of the files?
Andy
Hi
The size of iked0.elg is 1931KB and vpnd.elg is 27 KB.
So say if you run more iked0.elg, do you see anything at all?
Andy
Hi
Do you mean run the debug longer? I did it for more than 5 minutes, now files size is:
iked0.elg - 9968KB
vpnd.elg - 1006KB
But result is the same, IKEview shows nothing.
I tried with iked0.ikev1trace and some information appears, mostly unsuccessful negotiations, but the tunnel referred is established with no problems.
That's not what I meant...even if you run it for 30 seconds, should contain some stuff. Not sure what to tell you, never had that issue myself. Maybe check with TAC.
Andy
ok, I'll keep trying and update if I get it.
Thanks anyway for your help.
Be aware that IKE debugs are written to different files depending on which version of IKE is in use. IKEv1 is ike.elg, IKEv2 is ike2.xmll usually, but could also be legacy_ike2.xmll. If you are opening the correct file(s) my guess would be some kind of output format change in the debug that ikeview does not understand, particularly if you are running the more recent versions of gateway code that moved the IKE negotiation function out of the very old vpnd and into the new iked.
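Added example (not from any poster in this thread and not a Check Point tool): when IKEView shows nothing for an iked*.elg file, the text can still be read directly, so this sketch parses the record layout visible in the excerpt above and groups records by initiator cookie to follow one negotiation among many tunnels. The header layout is inferred only from that excerpt, the sample lines are copied from it, and the names `parse_elg`, `by_cookie` and `topic_counts` are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Header layout as seen in the excerpt: [proc pid tid]@host[timestamp][topic] text
HEADER = re.compile(
    r"^\[(?P<proc>\w+) (?P<pid>\d+) (?P<tid>\d+)\]@(?P<host>[^\[]+)"
    r"\[(?P<ts>[^\]]+)\](?:\[(?P<topic>\w+)\])? ?(?P<msg>.*)$")
FUNC = re.compile(r"^([\w:~]+): ")  # e.g. "Message::~Message: entering"
# Initiator cookie, in the spellings the excerpt's messages use (assumption).
COOKIE = re.compile(r"(?:cookie(?:_I)?\s*[:=]|cookies|i-spi:)\s*([0-9a-f]{16})")

def parse_elg(text):
    """One dict per record; lines without a header are folded into the record above."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            rec = m.groupdict()
            f = FUNC.match(rec["msg"])
            rec["func"] = f.group(1) if f else None
            records.append(rec)
        elif records and line.strip():
            records[-1]["msg"] += " " + line.strip()
    return records

def by_cookie(records):
    """Group records by the initiator cookie they mention."""
    groups = defaultdict(list)
    for rec in records:
        for cookie in set(COOKIE.findall(rec["msg"])):
            groups[cookie].append(rec)
    return dict(groups)

def topic_counts(records):
    """Count records per debug topic ([ikev2], [tunnel], ...)."""
    return Counter(rec["topic"] or "(none)" for rec in records)

# Sample input: lines copied from the iked0.elg excerpt posted in this thread.
SAMPLE = """\
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][ikev2] messageLayer::isIkev2Message: message is not an ikev2 message
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] NegotiationTable::MatchCookieIMsgID: Found match (0x133ef140) for cookie: 4b3956b17ab2d2c5 msgID: 00
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05][tunnel] neg ptr: 133ef140 ass: 12370330 wait4: 00
msgId: 00 method: 215 02 cookie: 4b3956b17ab2d2c5
req type: 3 SPIs: 00
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05] findSAByTunnel: Find SA with cookies 4b3956b17ab2d2c5,5c128864f98c3cf7 from packet
[iked0 11018 4066456000]@GW2-Customername[5 Jun 3:22:05] findSAByTunnel: Valid ISAKMP SA was not found. peer=94de8511
"""

if __name__ == "__main__":
    recs = parse_elg(SAMPLE)
    print(topic_counts(recs))
    for cookie, hits in by_cookie(recs).items():
        print(cookie, [(r["ts"], r["func"]) for r in hits])
```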