Chapter 5

Troubleshooting SpeedTouch™ IPSec

Via Syslog messages

The Syslog protocol is a powerful mechanism for investigating network issues. It logs the events that occurred on the device.

The Syslog messages can be retrieved in two ways:

locally

Use this CLI command to retrieve the history of Syslog messages:

:syslog msgbuf show

IPSec related Syslog messages are disabled by default. Logging can be enabled or disabled with the following command sequence (the CLI lists the two possible values, disabled and enabled, when the command is entered without a parameter):

=>IPSec
[ipsec]=>debug
[ipsec debug]=>syslog state
disabled enabled
[ipsec debug]=>syslog state disabled
[ipsec debug]=>

remotely

Configure a remote Syslog server to which all logged Syslog messages are sent. Adding the rule shown below causes all Syslog messages with severity debug or higher (that is, every severity) to be sent to the machine with IP address 90.0.0.138:

:syslog ruleadd fac=all sev=debug dest=90.0.0.138

Below is a typical example of Syslog messages logging the rekeying of a Phase 2 tunnel. First the new Phase 2 tunnel is negotiated, and 4 seconds later the old, expired Phase 2 tunnel is deleted.

...
<6> SysUpTime: 14:12:50 VPN : Rekey Phase 2: Loc:141.*.*.*, Rem:192.168.1.* (50.0.0.139)
<6> SysUpTime: 14:12:50 VPN : AddSa: SPIs(OUT/IN):D40467B8/5F0E9992 Loc:141.*.*.* Rem:192.168.1.* (50.0.0.139) Prot:ESP-AES[128]-HMAC-MD5 Exp:0h:10m:00s
<6> SysUpTime: 14:12:54 VPN : DelSa: SPIs(OUT/IN):04D3EF01/1CF5AAF2 Time=0h:07m:41s
...
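When these messages are shipped to a remote Syslog server, they can be parsed and correlated automatically to watch tunnel rekeying: the priority field gives facility and severity, the AddSa line gives the new SPIs, transform and lifetime, and the DelSa line gives the old SPIs and how long that SA lived. The following is an added example, not part of the manual; it assumes the line format is exactly as printed above and uses the manual's own sample lines as constructed input.

```python
import re

# Constructed sample, modelled on the SpeedTouch "VPN :" Syslog lines quoted above
# (addresses, SPIs and times are the manual's own; the exact format is assumed).
SAMPLE_LOG = """\
<6> SysUpTime: 14:12:50 VPN : Rekey Phase 2: Loc:141.*.*.*, Rem:192.168.1.* (50.0.0.139)
<6> SysUpTime: 14:12:50 VPN : AddSa: SPIs(OUT/IN):D40467B8/5F0E9992 Loc:141.*.*.* Rem:192.168.1.* (50.0.0.139) Prot:ESP-AES[128]-HMAC-MD5 Exp:0h:10m:00s
<6> SysUpTime: 14:12:54 VPN : DelSa: SPIs(OUT/IN):04D3EF01/1CF5AAF2 Time=0h:07m:41s
"""

LINE_RE = re.compile(r"^<(\d+)> SysUpTime: (\d\d:\d\d:\d\d) VPN : (Rekey Phase 2|AddSa|DelSa)(.*)$")
SPI_RE = re.compile(r"SPIs\(OUT/IN\):([0-9A-Fa-f]+)/([0-9A-Fa-f]+)")
DUR_RE = re.compile(r"\b(Exp|Time)[:=](\d+)h:(\d+)m:(\d+)s")  # lifetime vs. time lived
PROT_RE = re.compile(r"Prot:(\S+)")

def clock_seconds(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s

def parse_vpn_line(line):
    """Return a dict for one VPN Syslog line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri, when, event, rest = m.groups()
    # Syslog <PRI> = facility * 8 + severity; <6> is facility 0, severity 6 (info)
    rec = {"facility": int(pri) >> 3, "severity": int(pri) & 7,
           "t": clock_seconds(when), "event": event}
    if (s := SPI_RE.search(rest)):
        rec["spi_out"], rec["spi_in"] = s.group(1).upper(), s.group(2).upper()
    if (d := DUR_RE.search(rest)):
        secs = int(d.group(2)) * 3600 + int(d.group(3)) * 60 + int(d.group(4))
        rec["lifetime_s" if d.group(1) == "Exp" else "lived_s"] = secs
    if (p := PROT_RE.search(rest)):
        rec["proto"] = p.group(1)
    return rec

def rekey_summary(log_text):
    """Pair each AddSa (new SA) with the DelSa (old SA) that follows it and report
    the overlap window during which both SAs existed, plus what was installed."""
    recs = [r for r in map(parse_vpn_line, log_text.splitlines()) if r]
    added = [r for r in recs if r["event"] == "AddSa"]
    deleted = [r for r in recs if r["event"] == "DelSa"]
    summary = []
    for new, old in zip(added, deleted):
        summary.append({"new_spi_out": new["spi_out"], "old_spi_out": old["spi_out"],
                        "overlap_s": old["t"] - new["t"], "proto": new.get("proto"),
                        "new_lifetime_s": new.get("lifetime_s"), "old_lived_s": old.get("lived_s")})
    return summary
```

Feeding the sample through rekey_summary() yields one rekey with a 4 second overlap, a 600 second lifetime on the new SA and 461 seconds lived by the old one; an old SA living far longer than its configured lifetime, or an AddSa with no matching DelSa, is the kind of condition worth alerting on.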


E-DOC-CTC-20051017-0169 v0.1
