Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AkosBakos
Contributor

ike.elg file empty after ike debug

Jump to solution

Hi All,

I bumped into a strange thing during vpn debugging:

after

#vpn debug trunc
#vpn debug ikeon

reproducate the issue: eg. deleting the tunnel with #vpn tu and rebuild it

#vpn debug ikeoff

I see only one row in the ike.elg file : "ike degug started" nothing more.

the vpnd.elg contains data

GW version: R80.40 JHF48

Have somebody such experience?

BR

Akos

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion

ike.elg will only contain traces from IKEv1 activity.  If you are using IKEv2 for the Cisco tunnel the file you need to look in is ikev2.xmll.  The Windows ikeview utility can read and decode either file: sk30994: What is the IKEView utility?

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

0 Kudos
6 Replies
the_rock
Advisor

If its empty, it indicates there is not even an attempt at all. Try below:

vpn debug ikeon

test the connection

vpn debug ikeoff

 

Check ike.elg file. Maybe not a bad idea to run watch -d $FWDIR/log/ike.elg command on duplicate ssh window, just to see if size is increasing.

What is the tunnel? CP to Cisco, PAN, Fortinet, something else? New setup, old, ever worked before?

Andy

0 Kudos
AkosBakos
Contributor

Hi Andy,

  • New setup
  • CP to Cisco
  • If the Cisco initiates the tunnel -> ok
  • If the CP initiates the tunnel -> I see the ougoing packet but Cisco side does not receive it

Therefore I want to do an ike debug but I bumped into this strange behaviour 😕

ike.elg is always empty except that one line

Br 

A

 

0 Kudos
the_rock
Advisor

Message me privately and we can setup remote session.

 

Andy

0 Kudos
AkosBakos
Contributor

Hi Andy,

Thank you.

Strange situation, but customer does not allow remote session at all.

So only tips are allowed. 

A

0 Kudos
Timothy_Hall
Champion
Champion

ike.elg will only contain traces from IKEv1 activity.  If you are using IKEv2 for the Cisco tunnel the file you need to look in is ikev2.xmll.  The Windows ikeview utility can read and decode either file: sk30994: What is the IKEView utility?

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

0 Kudos
AkosBakos
Contributor

Hi Timothy,

Yes, that is the problmem. Only one word come into my mind at the moment: "RTFM" 🙂

Thanks,

A

0 Kudos