request security ike debug-enable local remote level
show log /var/log/kmd
request security ike debug-disable

Notes:

  • This enables logging to the KMD log without the need to commit

  • SUMMARY: This is another option for typical ike/ipsec traceoptions to selectively troubleshoot VPN issues
  • PROBLEM OR GOAL: Enabling ike/ipsec traceoptions on the system can be very CPU intensive and can contribute to performance issues. Troubleshooting can be difficult with traceoptions as multiple VPNs may appear in the traceoptions output

Documentation

Next Post Previous Post