Juniper SRX: Where do I look to see IKE debug messages?
Going through a JSEC book, I noticed the following slide explains that there are 6 IKE phase 1 messages that take place for a tunnel to establish.
I am looking in the kmd log and traceoptions data but I do not see any information relating to the IKE messages pictured in those logs. Perhaps I am looking at it wrong? If my SRX is hanging up on one of those messages, where would I look to determine that?
Juniper KB explaining how to locate / interpret information in the kmd log: How do I Find the VPN Entry in the Kmd Log on a J-Series or SRX-Series device?
Although for releases prior to 12, the following kmd log issues below are also relevant for the higher end firewalls: [SRX High End] request security ike debug-enable does not print any useful kmd debug output
It's quite key which SRX and what software version you're using really.
For reference only really, I use this method to troubleshoot a single VPN tunnel without having to actually make any changes / commits:
user@host> request security ike debug-enable local <local-ip> remote <remote-ip> level <level>
user@host> show log /var/log/kmd
user@host> request security ike debug-disable
Explained in detail here: KB [SRX] How can I enable IKE traceoptions for only specific security associations
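An added example, not part of the original answer or of Juniper's tooling: when the log does not label the six messages, UDP 500 payloads from a packet capture can be classified from the plaintext ISAKMP header (RFC 2408) to see where the exchange stopped. The function names, the from_initiator flag and the sample packets are assumptions constructed for illustration; NAT-T traffic on UDP 4500 carries a 4-byte marker before this header and is not handled.

```python
import struct

# ISAKMP header (RFC 2408, section 3.1): two 8-byte cookies, next payload,
# version, exchange type, flags, message ID, total length = 28 bytes.
HDR = struct.Struct("!8s8sBBBBII")
MAIN_MODE = 2            # exchange type "Identity Protection"
SA, KE, ID = 1, 4, 5     # payload type numbers
ENCRYPTED = 0x01         # flags bit 0

STAGE = {
    1: "initiator SA proposal", 2: "responder SA choice",
    3: "initiator KE + nonce", 4: "responder KE + nonce",
    5: "initiator identity + auth (encrypted)",
    6: "responder identity + auth (encrypted)",
}

def classify(udp_payload: bytes, from_initiator: bool) -> int:
    """Return the main-mode message number (1-6), or 0 if it is not one."""
    if len(udp_payload) < HDR.size:
        return 0
    _icky, _rcky, nxt, _ver, xchg, flags, msgid, length = HDR.unpack_from(udp_payload)
    # Phase 1 always uses message ID 0; other exchange types are ignored.
    if xchg != MAIN_MODE or msgid != 0 or length < HDR.size:
        return 0
    if flags & ENCRYPTED:
        pair = 5             # messages 5/6 are sent under the negotiated key
    elif nxt == SA:
        pair = 1
    elif nxt == KE:
        pair = 3
    else:
        return 0
    return pair if from_initiator else pair + 1

def last_message(packets) -> int:
    """Highest main-mode message number seen in (payload, from_initiator) pairs."""
    return max((classify(p, d) for p, d in packets), default=0)

def make(nxt, flags=0, rcky=b"\x22" * 8, xchg=MAIN_MODE):
    """Build a constructed header-only sample packet (no real payloads)."""
    return HDR.pack(b"\x11" * 8, rcky, nxt, 0x10, xchg, flags, 0, HDR.size)

# Constructed capture: the exchange stops after the responder's KE message.
SAMPLE = [(make(SA, rcky=bytes(8)), True), (make(SA), False),
          (make(KE), True), (make(KE), False)]

if __name__ == "__main__":
    n = last_message(SAMPLE)
    print(f"last main-mode message seen: {n} ({STAGE[n]})")
```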
License under CC-BY-SA with attribution
Content dated before 7/24/2021 11:53 AM