How do I run a full-blown VPN debug on a gateway for troubleshooting VPN issues?


SOLUTION
Please perform the following debug procedure on the firewall.
1. Enable IKE debug and vpnd debug:
vpn debug trunc
vpn debug on TDERROR_ALL_ALL=5
2. Start fw monitor
# fw monitor -e "accept;" -o vpn_traffic.mon
3. Start kernel debug in a new console, and run:
fw ctl debug 0
fw ctl debug -buf 32768
fw ctl debug -m fw + conn drop vm
fw ctl debug -m VPN + all
fw ctl kdebug -f -T>& vpn_kernel.dbg
4. Now initiate traffic through the tunnel.
5. Stop kernel debug by pressing Ctrl-C
# fw ctl debug 0
6. Stop fw monitor by pressing Ctrl-C
7. Stop IKE and vpnd debug:
vpn debug off
vpn debug ikeoff
8. You can analyze the output with debug tools, or zip the files vpn_traffic.mon, vpn_kernel.dbg, $FWDIR/log/ike.elg, and all $FWDIR/log/vpnd.elg* files, and upload the files to us once you open a Service Request.
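
Step 8 as an added example (not part of the original post and not a Check Point tool): a shell function that confirms every listed file exists and is non-empty, then packs them with a SHA-256 manifest into an archive readable only by its creator. The name bundle_vpn_debug, its argument order, and the presence of tar, mktemp and sha256sum on the gateway are assumptions.

```shell
#!/bin/sh
# Added example: package the debug output listed in step 8.
# bundle_vpn_debug is a hypothetical helper name, not a Check Point command.
# Usage: bundle_vpn_debug <dir where fw monitor/kdebug ran> <log dir> <out.tgz>
#   e.g. bundle_vpn_debug . "$FWDIR/log" /var/tmp/vpn_debug.tgz
# Exit status: 0 = archive written, 1 = a file is missing or empty, 2 = I/O error.
bundle_vpn_debug() (
    # The body runs in a subshell so umask, cd and the trap stay local.
    workdir=$1 logdir=$2 out=$3
    umask 077                          # archive and staging copies: owner only
    stage=$(mktemp -d) || exit 2
    trap 'rm -rf "$stage"' EXIT        # never leave stray copies behind

    missing=0
    # An unmatched vpnd.elg* glob stays literal and is reported as missing.
    for f in "$workdir/vpn_traffic.mon" "$workdir/vpn_kernel.dbg" \
             "$logdir/ike.elg" "$logdir"/vpnd.elg*; do
        if [ -s "$f" ]; then
            cp -p "$f" "$stage/" || exit 2
        else
            echo "missing or empty: $f" >&2
            missing=$((missing + 1))
        fi
    done
    # Refuse to build a partial bundle: an empty vpn_kernel.dbg usually means
    # the kernel debug was stopped before traffic was sent (step 4).
    [ "$missing" -eq 0 ] || exit 1

    # Manifest lets the recipient confirm the upload arrived intact.
    sums=$(cd "$stage" && sha256sum -- *) || exit 2
    printf '%s\n' "$sums" > "$stage/SHA256SUMS"
    tar -czf "$out" -C "$stage" . || exit 2
)

# Run directly when called with the three arguments.
if [ "$#" -eq 3 ]; then
    bundle_vpn_debug "$@"
fi
```
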
