Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

request security ike debug-enable

Syntax

Description

Enable IKE tracing on a single VPN tunnel specified by a local and a remote IP address. Use of this command is an alternative to configuring IKE traceoptions; no configuration is required to use this command. This command only traces a single tunnel, whereas configuring IKE traceoptions affects all VPN tunnels on the SRX Series device.

To use this command:

  1. Identify the local and remote IP addresses of the VPN tunnel you want to trace.

  2. Enable IKE tracing on the VPN tunnel with this command.

  3. Attempt tunnel establishment to capture trace information to the log file:

    • For the SRX Series devices except SRX5000 line of devices with SRX5K-SPC3 card, the trace information is stored in /var/log/kmd file.

    • For the SRX5000 line of devices with SRX5K-SPC3 card (including mixed mode), the trace information is stored in /var/log/iked file.

    If you have configured a file for IKE traceoptions, the trace information is stored in the specified filename.

  4. Disable per-tunnel IKE tracing with the request security ike debug-disable command.

  5. Review the log file with the following command:

    • For the SRX Series devices except SRX5000 line of devices with SRX5K-SPC3 card, run the show log kmd command.

    • For SRX5000 line of devices with SRX5K-SPC3 card (including mixed mode), run the show log iked command.

You can use the show security ike debug-status command:

  • to view the status of the per-tunnel IKE tracing operation.

  • to view the status of the interchassis link tunnel only.

Options

  • local local-ip-address—The address of the local VPN peer.

  • remote remote-ip-address—The address of the remote VPN peer.

Required Privilege Level

maintenance

Release Information

Command introduced in Junos OS Release 11.4R3.