show vpn flow  // View active tunnels
show vpn flow tunnel-id <id>  // More information about the tunnel from above

show vpn ike-sa
show vpn ipsec-sa

clear vpn ike-sa <gateway-name>
clear vpn ipsec-sa <tunnel name>

test vpn ike-sa gateway <gateway-name>
test vpn ipsec-sa tunnel <tunnel name>


set deviceconfig system hostname <hostname> ip-address <ip> netmask <netmask> default-gateway <gateway-ip> dns-setting servers primary <dns-ip>


request commit-lock remove admin <admin name>


show configuration groups junos-defaults applications
show groups junos-defaults


show chassis routing-engine


show system processes summary
show system processes extensive

Notes

  • Summary will provide a brief overview with the top 3 processes
  • Extensive includes all processes


show system snapshot media internal


set system services web-management limits debug-level 9
commit
run show log httpd.log | match powered


request security ike debug-enable local <local-ip> remote <remote-ip> level <level>
show log /var/log/kmd
request security ike debug-disable

Notes:

  • This enables logging to the KMD log without the need to commit
  • SUMMARY: This is another option alongside the typical IKE/IPsec traceoptions, used to selectively troubleshoot VPN issues
  • PROBLEM OR GOAL: Enabling IKE/IPsec traceoptions on the system can be very CPU intensive and can contribute to performance issues. Troubleshooting with traceoptions can also be difficult because multiple VPNs may appear in the traceoptions output


cf ipsec status
