Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] What information should I collect for a Site-to-Site VPN that won't come up?

0

0

Article ID: KB9229 KB Last Updated: 24 May 2019Version: 5.0
Summary:
This article describes the information that should be collected, before a case is opened for a VPN that will not come up. Also, this article describes the logs or files that will assist the Juniper Networks Technical Assistance Center (JTAC) with troubleshooting a Site-to-Site VPN.

The capturing of logs can be required to further troubleshoot VPN issues. Collecting the information that is listed below will help towards identifying the issue.

 

Symptoms:
After following the procedure in KB9221 - How to Troubleshoot a Site-to-Site VPN that won’t come up and the VPN continues to fail, which logs are needed to further troubleshoot the issue?
Solution:
The logs that are required to further troubleshoot a VPN issue are as follows:
 
  • get tech

  • get event

  • get ike cookie

  • get sa
 

Capture the above information on each Juniper product.

To capture the above mentioned data, perform the following procedure:
 
  1. Logon to the Juniper device, either by Telnet or a terminal software over the Console port. For assistance, refer to KB6011 - How to Setup a Serial Console Connection to the NetScreen's Communications Port Using Hyperterminal.  

  2. Turn on the text capture feature of your Telnet or terminal software.  For assistance, refer to KB6206 - How do I save the console or screen data from a telnet session? 
  3. Issue the following commands;
     
    • set console page 0 (this command disables the more option)
    • get tech
    • get ike cookie
    • get sa
    • get event type 536  (this command will capture all the events that are VPN related
    • set console page 22 (this command will restore the console setting size)
    • collect "debug ike detail"  Refer to KB14620 - [ScreenOS] How to run a 'debug ike detail'? for the same.

  4. Save the captured data to a file.
 
When the data has been collected, open a Service Request via phone (Contact Support)  or via the web Service Request (Case) Manager 
Modification History:
2019-05-22: Content reviewed for accuracy. Links updated.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search