Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] [ScreenOS] Useful VPN Troubleshooting and Debug Commands

0

0

Article ID: KB6283 KB Last Updated: 24 Oct 2016Version: 7.0
Summary:
Useful VPN Troubleshooting and Debug Commands

For the latest VPN technical documentation, refer to Concepts & Examples - ScreenOS Reference Guide - Virtual Private Networks.
Symptoms:

Environment:

  • VPN (Virtual Private Network)
  • Debug
  • Troubleshooting
  • CLI (Command Line Interface) Commands

Cause:

Solution:

Note: This article applies to ScreenOS 4.0 and higher.

To use the VPN troubleshooting and debug commands, perform the following steps:

  1. Open the Command Line Interface (CLI). For more information on how to open the CLI, go to Accessing the Command Line Interface Using Telnet.
  2. Enter any of the following commands; then press ENTER.

     

     get ike gatewayThis command shows the IKE gateway configuration and the Phase 1 proposal.
     get vpnThis command shows the VPN association with the IKE gateway and the Phase 2 proposal.
     get policyUse this command to examine the correct policy setting for VPN traffic.
     get ike cookieThis command shows you if the Phase 1 negotiation is successful. If there is no active IKE cookie present, Phase 1 is not established.
     get eventUse this command to examine the status of the Phase 1 and Phase 2 negotiations.
     get saUse this command to examine the security association.
     debug ikeThis command allows you to set a different level of the IKE debug message.
     debug vpnThis command allows you to set the VPN debug level.(Command not present on 6.3.0 and above)
     get dbuf streamUse this command to retrieve all data from the debug buffer on the console.


Additional Information:

When troubleshooting the VPN connection: 

  1. Initiate a ping traffic from initiator first, 
  2. perform the debug on the VPN terminator to ensure the debug accuracy.

Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search