
Chapter 5
Troubleshooting SpeedTouch™ IPSec
Via Syslog messages The Syslog protocol is a powerful mechanism to investigate network issues. It allows for logging events occurred on the device.
The Syslog messages can be retrieved in two ways:
locally
Use these CLI command to retrieve the history of Syslog messages:
:syslog msgbuf show
IPSec related syslog messages are disabled by default. Logging can be enabled or disabled by the following command:
=>IPSec
[ipsec]=>debug
[ipsec debug]=>syslog state
disabledenabled [ipsec debug]=>syslog state disabled [ipsec debug]=>
remotely
Configure a remote Syslog server to which all logged Syslog messages are sent. Using the rule indicated below causes all Syslog messages with severity debug or higher to be sent towards the machine with IP address “90.0.0.138”:
:syslog ruleadd fac=all sev=debug dest=90.0.0.138
Below a typical example of Syslog rules logging the rekeying of a Phase 2 tunnel.
First the new Phase 2 tunnel is negotiated and 4 seconds later the old and expired
Phase 2 tunnel is deleted.
...
<6> SysUpTime: 14:12:50 VPN : Rekey Phase 2: Loc:141.*.*.*, Rem:192.168
.1.* (50.0.0.139)
<6> SysUpTime: 14:12:50 VPN : AddSa: SPIs(OUT/IN):D40467B8/
5F0E9992 Loc:141.*.*.* Rem:192.168.1.* (50.0.0.139)
<6> SysUpTime: 14:12:54 VPN : DelSa: SPIs(OUT/IN):04D3EF01/ 1CF5AAF2 Time=0h:07m:41s
...
168 | |
|