Knowledge Search


×
 

[ScreenOS] What information should I collect for a Site-to-Site VPN that won't come up?

  [KB9229] Show Article Properties


Summary:
This article describes the information that should be collected, before a case is opened for a VPN that will not come up. Also, this article describes the logs or files that will assist the Juniper Networks Technical Assistance Center (JTAC) with troubleshooting a Site-to-Site VPN.

The capturing of logs can be required to further troubleshoot VPN issues. Collecting the information that is listed below will help towards identifying the issue.

 

Symptoms:
After following the procedure in KB9221 - How to Troubleshoot a Site-to-Site VPN that won’t come up and the VPN continues to fail, which logs are needed to further troubleshoot the issue?
Solution:
The logs that are required to further troubleshoot a VPN issue are as follows:
 
  • get tech

  • get event

  • get ike cookie

  • get sa
 

Capture the above information on each Juniper product.

To capture the above mentioned data, perform the following procedure:
 
  1. Logon to the Juniper device, either by Telnet or a terminal software over the Console port. For assistance, refer to KB6011 - How to Setup a Serial Console Connection to the NetScreen's Communications Port Using Hyperterminal.  

  2. Turn on the text capture feature of your Telnet or terminal software.  For assistance, refer to KB6206 - How do I save the console or screen data from a telnet session? 
  3. Issue the following commands;
     
    • set console page 0 (this command disables the more option)
    • get tech
    • get ike cookie
    • get sa
    • get event type 536  (this command will capture all the events that are VPN related
    • set console page 22 (this command will restore the console setting size)
    • collect "debug ike detail"  Refer to KB14620 - [ScreenOS] How to run a 'debug ike detail'? for the same.

  4. Save the captured data to a file.
 
When the data has been collected, open a Service Request via phone (Contact Support)  or via the web Service Request (Case) Manager 
Modification History:
2019-05-22: Content reviewed for accuracy. Links updated.
Related Links: