This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AkosBakos
MVP Silver
MVP Silver
‎2021-03-01 10:09 AM
Jump to solution

ike.elg file empty after ike debug

Hi All,

I bumped into a strange thing during vpn debugging:

after

#vpn debug trunc
#vpn debug ikeon

reproducate the issue: eg. deleting the tunnel with #vpn tu and rebuild it

#vpn debug ikeoff

I see only one row in the ike.elg file : "ike degug started" nothing more.

the vpnd.elg contains data

GW version: R80.40 JHF48

Have somebody such experience?

BR

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
MVP Gold
MVP Gold
‎2021-03-01 11:36 AM
Jump to solution

ike.elg will only contain traces from IKEv1 activity.  If you are using IKEv2 for the Cisco tunnel the file you need to look in is ikev2.xmll.  The Windows ikeview utility can read and decode either file: sk30994: What is the IKEView utility?

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

View solution in original post

0 Kudos
6 Replies
the_rock
MVP Platinum
MVP Platinum
‎2021-03-01 10:22 AM
Jump to solution

If its empty, it indicates there is not even an attempt at all. Try below:

vpn debug ikeon

test the connection

vpn debug ikeoff

 

Check ike.elg file. Maybe not a bad idea to run watch -d $FWDIR/log/ike.elg command on duplicate ssh window, just to see if size is increasing.

What is the tunnel? CP to Cisco, PAN, Fortinet, something else? New setup, old, ever worked before?

Andy

Best,
Andy
0 Kudos
AkosBakos
MVP Silver
MVP Silver
‎2021-03-01 10:28 AM
In response to the_rock
Jump to solution

Hi Andy,

  • New setup
  • CP to Cisco
  • If the Cisco initiates the tunnel -> ok
  • If the CP initiates the tunnel -> I see the ougoing packet but Cisco side does not receive it

Therefore I want to do an ike debug but I bumped into this strange behaviour 😕

ike.elg is always empty except that one line

Br 

A

 

----------------
\m/_(>_<)_\m/
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2021-03-01 10:30 AM
In response to AkosBakos
Jump to solution

Message me privately and we can setup remote session.

 

Andy

Best,
Andy
0 Kudos
AkosBakos
MVP Silver
MVP Silver
‎2021-03-01 10:35 AM
In response to the_rock
Jump to solution

Hi Andy,

Thank you.

Strange situation, but customer does not allow remote session at all.

So only tips are allowed. 

A

----------------
\m/_(>_<)_\m/
0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2021-03-01 11:36 AM
Jump to solution

ike.elg will only contain traces from IKEv1 activity.  If you are using IKEv2 for the Cisco tunnel the file you need to look in is ikev2.xmll.  The Windows ikeview utility can read and decode either file: sk30994: What is the IKEView utility?

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
AkosBakos
MVP Silver
MVP Silver
‎2021-03-01 11:15 PM
In response to Timothy_Hall
Jump to solution

Hi Timothy,

Yes, that is the problmem. Only one word come into my mind at the moment: "RTFM" 🙂

Thanks,

A

----------------
\m/_(>_<)_\m/
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events