Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Monitor and Troubleshoot Juniper Secure Connect

This topic contains information about VPN monitoring and troubleshooting issues with Juniper Secure Connect.

For monitoring the VPN connection, use the J-Web interface, as described in Monitor Your VPN Connection.

If you encounter any issues while using Juniper Secure Connect application, we recommend that you follow these steps to check the log messages and locate the issue:

Monitor Your VPN Connection

You can use the J-Web interface to monitor the existing remote access VPN connection. To do this, navigate to Monitor > Network > IPsec VPN page. Figure 1 shows the sample IPsec VPN page under monitoring menu option.

Figure 1: Monitor IPsec VPN Page IPsec VPN management interface showing VPN connection details including remote gateway JUNIPER_SECURE_CONNECT, IKE status up, local and remote IPs, VPN name, and IPsec soft life.

The IPsec VPN page displays IKE/IPsec configuration, Security associations (SA), and IPsec statistics information.

See Monitor IPsec VPN for more details.

You can also view J-Web Dashboard to get the status and count of IKE peers as shown in Figure 2. Hover over the sections in the widget, to view the IKE peers count with VPN topology type. See Dashboard Overview .

Figure 2: Sample IPsec VPNs (IKE Peers) Dashboard Dashboard interface for a network security system showing widgets on top for top users, high-risk apps, and threat sources; a central circular chart displays active IPsec VPN connections with a green status; left-side navigation panel with icons; timestamp shows last update on Apr 9, 2021; top-right corner displays device name vSRX-RAVPN VSRX.

Check Junos OS Logs

You must configure syslog to save the syslog file on your device. Currently, J-Web does not support structured logs. Only unstructured logs are supported.

To view the system logs in J-Web interface, navigate to Device Administration > Operations > Files as shown below:

Figure 3: Files Page Screenshot of web interface for file management on Juniper SRX device, showing options to clean up files, view file types and usage, and delete backup JUNOS package.

The default logs files and trace options are automatically created under /var/log folder.

You can view the stream (traffic or routing engine) logs by navigating to Monitor > Events > IPsec VPN page.

Check Juniper Secure Connect Application Logs

Windows

Following are the steps to check the Juniper Secure Connect application logs on a Windows device:

  1. The log is continuously active in the background, even if the log window is not open. All the relevant Juniper Secure Connect communication events are displayed and saved for one week per operation day, in a log file. The files older than seven online days are automatically deleted.

    The log file is generated automatically in the installation directory under the Log folder when the communication process is completed. The log file is named in NCPyymmdd.LOG format, where yy=year, mm=month, and dd=date. Select Help > Logbook to view the log messages in the log book page.

    You can change the storage time for log files using the Extended Log Settings option. You can open and analyze the log files using a text editor.

    Figure 4: Logbook Menu Option Juniper Secure Connect VPN client interface showing inactive connection with red toggle, new connection profile, gateway URL, and help menu options.
    Figure 5: Log Message Display Log viewer displaying timestamped entries of network configuration and VPN activity, including IP address change, IPsec connection, and manual disconnect.

  2. From the menu bar, click Help and then select Extended Log Settings.

    Figure 6: Extended Log Settings Menu OptionJuniper Secure Connect interface showing Help menu options like Logbook and Network Diagnostics with fields for VPN connection details.

  3. Enable all options by selecting all the check boxes, and then click OK.

    Figure 7: Extended Log SettingsExtended Log Settings window for client VPN and PKI system. Includes options for detailed logging, log retention periods, and restart button.

  4. Open the logbook and check for any log messages that indicate the problem. If you cannot resolve your issue based upon the log messages, start the Support Assistant by clicking Help and then selecting Support Assistant. The Support Assistant collects all the required data.

    Figure 8: Support Assistant Menu OptionJuniper Secure Connect VPN client interface with active profile JUNIPER_SECURE, open Help menu, and connection statistics.

  5. Click Add to attach any additional files, and then click Next. The Save archive file page opens.

    Figure 9: Save Archive FileSave archive file dialog in Support Assistant by Juniper Networks prompting for directory and name with buttons Back Next and Cancel.
    Figure 10: Log Files ListSupport Assistant window from Juniper Networks showing a Summary of files dialog with options to add, remove, or show files.

  6. Select the Only create the archive file option button. Then, click Next.

    Figure 11: Create Only Archive FileJuniper Networks Support Assistant interface for creating an archive file with the option Only create the archive file selected.

    After the archival process is completed, Juniper Secure Connect displays the archived file location.

    Figure 12: Successful Creation of Log Files ArchivalSupport Assistant tool creating archive file at C:\Users\Administrator\Desktop\JuniperSecureConnect.zip; Finish button grayed out.

  7. Click Finish.

macOS

  1. Select Log > Logbook through the Juniper Secure Connect application menu to open the logbook.

    Figure 13: Logbook Menu OptionJuniper Secure Connect app interface with options to set up a new connection, enter gateway address, and view connection statistics.

    Check for any log messages that indicate the problem.

    Figure 14: Displaying Log InformationJuniper Secure Connect interface for configuring VPN connections and viewing log book for troubleshooting.

  2. If you are not able to resolve the issue, save this log message into a file with the ncpmonlog.txt filename. Copy the file ncpphone.cfg to the same location where you saved the logbook file /Library/Application Support/Juniper/SecureConnect/ncpphone.cfg.

  3. To locate the ncpphone.cfg file, open the Finder and select Go in the menu bar and at the same time press down the “Option” key on your keyboard.

    Figure 15: Open File LibraryGo menu in Finder on macOS with Library option highlighted; shows navigation options like Recents, Desktop, and more.

    The directory location where the Juniper Secure Connect files are saved is displayed.

    Figure 16: Juniper Secure Connect DirectoryFile directory screenshot showing folder SecureConnect with files including ncpphone.cfg, libcrypto.1.0.0.dylib, english.dat, NCP Tracer.app, and folders like arls and cacerts.

Android

Following are the steps to check the Juniper Secure Connect application logs on an Android device:

In the Juniper Secure Connect application menu, click the three vertical dots at the top right corner and select Log from the menu.

Figure 17: Juniper Secure Connect Application Screen Juniper Secure Connect interface with connection profile fields, statistics like Total Tx and Speed, and a connection toggle switch.
Figure 18: Log Menu OptionJuniper Secure Connect interface for VPN showing New Connection profile, gateway address 10.0.0.100/realm, menu options, zero connection statistics, and Juniper logo.

The log output window appears, displaying the log messages.

Figure 19: Displaying Log InformationJuniper Secure Connect log output showing system messages and events, including certificate configurations, virtual adapter settings, and connection events.

iOS

The log is continuously active in the background, even if the log window is closed. All the relevant Juniper Secure Connect communication events are saved in the log file. Navigate to Diagnostics > Debugging > Error Log to view the log messages. Click on the export icon right on top of the screen to send the log file through the offered applications.

Figure 20: Log Messages Screenshot of a diagnostics log showing messages between a device and Juniper server, including NOTIFY_MSG_R_U_HERE and Msg_Con_R_U_HERE_ACK, with timestamps.

Related Documentation