Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Dynamic VPN] What information should I collect before opening a case with JTAC?

0

0
Article ID: KB17346 KB Last Updated: 31 Mar 2020Version: 3.0 Summary:

What information should I collect before I open a case for a Dynamic VPN that won’t connect?  What logs or files will assist the Juniper Networks Technical Assistance Center (JTAC) with troubleshooting a Dynamic VPN on a SRX Series device?

Symptoms:

After following the steps in Dynamic VPN Resolution Guide, KB17220 - Troubleshoot Dynamic VPN client that is not working, if the Dynamic VPN is still not working, which logs are needed to further troubleshoot the issue with JTAC?

Solution:

The data to collect on the SRX and ways to capture the data are shown below:


DATA TO PROVIDE TO JTAC
request support information | no-more
show log messages | no-more
show log kmd | no-more

show security ike security-associations | no-more
show security ike security-associations detail | no-more
show security ipsec security-associations | no-more
show security ipsec security-associations detail | no-more
show security ipsec statistics | no-more
show security flow session tunnel | no-more

Note, for the detail commands listed above, it may expedite resolution if the ID, index numbers or peer IP of the IKE and IPSec security associations are included.

If any of the following traceoptions logs were requested to be collected in the previous articles, also include them. For authentication issues, collect all logs that start with authd.

show log ike-debug | no-more
show log flow-debug | no-more
show log https-debug | no-more
show log authd | no-more
show log authd.dbg | no-more
show log authd.sta | no-more
show log authd_libstats | no-more
show log authd_profilelib | no-more
authd_sdb.log | no-more


HOW TO CAPTURE DATA

Capture the above information on the SRX by saving it in a terminal session or saving it to a file:

Capture in Terminal Session:
  1. Log on to the SRX, either by Telnet or a terminal software over the Console port.
  2. Turn on the text capture feature of your Telnet or terminal software.  For assistance, see KB6206 - How do I save the console or screen data from a telnet session? 
  3. Issue the commands from above.
  4. Save the captured data to a file.
OR

Save to file:
request support information | save /var/tmp/support-info-case-2010-1234-5678
 
Modification History:
2020-03-31: Minor, non-technical update.

Related Links

 Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search