Hey mate,
Personally, below is what I always do. To get basic debugs, run this:
vpn debug trunc (rotates debug files)
vpn debug ikeon
-generate some traffic (leave for 1 or 2 mins)
vpn debug ikeoff
Check $FWDIR/log for ike/vpnd.elg files
I never bother with ikeview, if stuff is failing, just check in vpn tu command if theres even any ike or ipsec SAs. I know ike.elg would show you in ikeview what packet its failing on, so say if its packet 4 phase1, thats usually PSK, but thats easy to tell anyway...just input bogus key on both ends, something easy, say password123 and if it works, bam, theres your answer.
Other than that, I would review vpnd.elg file and filter for external IP address
You can also do this
grep -i x.x.x.x $FWDIR/log/vpnd* (just replace xs with right external IP)
Whats other end of the tunnel?
Best,
Andy
