Knowledge Search


×
 

What Information Should Be Collected for a Dial-UP VPN That Won't come up?

  [KB9395] Show Article Properties


Summary:

This document will assist you in gathering the required information to help resolve a problem with establishing a VPN Tunnel through your NetScreen Remote VPN Client. Collecting this information will help Technical support discover the cause of the problem.

Symptoms:

After going through the steps in one of the following Troubleshooting documents, and the VPN continues to fail, which logs are needed to further troubleshoot the issue?

Capturing logs could be required to further troubleshoot VPN issues. Collecting the information listed below will help towards identifying the cause of the issue
Solution:

The logs needed to further troubleshoot a VPN issue are:

  • From the Firewall:
    • get tech
    • get event
    • get ike cookie
    • get sa
  • From the NetScreen Remote Client:
    • The .spd file from the NetScreen Remote Client
    • The NetScreen Remote Client Log Viewer file

 

Follow the instructions below to capture the data:

Logs from the Juniper Firewall:

  1. Log in to the Juniper firewall, either by Telnet or a terminal software over the Console port. For assistance, see KB6011 - How to Setup a Serial Console Connection to the NetScreen's Communications Port Using Hyperterminal.
  2. Turn on the text capture feature of your Telnet or terminal software.  For assistance, see KB6206 - How do I save the console or screen data from a telnet session?
  3. Issue the following commands:
    • set console page 0 (this command disables the "more" option)
    • get tech
    • get ike cookie
    • get sa
    • set console page 22
    • get event (only the first four or five pages are needed)
  4. Save the captured data to a file. 

Logs from the NetScreen Remote Client:

  1. Save the NetScreen Remote's .spd file:
    1. At the Security Policy Editor, click on File -> Export Security Policy.  This will display the Export Policy To... window.
    2. Save the policy to the PC's hard drive by naming the file and selecting a location to save it.  Make sure the policy is unlocked. 
    3. Click Export.
  2. Save the Log Viewer file:
    1. Right click on the NS-Remote's icon in the PC's System Tray.
    2. Left click on Log Viewer
    3. Click on Save Log.  This will bring up the Save As window.
    4. Give the file a name, leaving the extension as .log, and save it to the PC's hard drive.
Once the data has been collected, open a case by either calling in to Juniper Networks Technical Assistance Center at 888-314-JTAC (5822) or login to the Case Management tool via the Juniper support site at: Case Management and click on the "Create a Case" link.
Related Links: