Monday, May 7, 2007

VPN Tunnels

So, sometimes creating a VPN tunnel to another network can be a bear. Not so much because it is overly complex, but more so because the tech on the other end of the line insists that your appliance is the problem. Prove them wrong with logging.

I know there are not a ton out there, but here is how to set debug logging on a Netscreen 208:

set console dbuf - Sends debug output to the debug buffer instead of the console
clear dbuf - Clears out any leftover messages in the buffer
debug ike detail - Sends all IKE negotiation messages, in detail, to the buffer

Now try and connect through the tunnel.

undebug all - Stops all debugging
get dbuf stream - Prints the contents of the buffer to the screen
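Once the buffer is on the screen, the work is reading it: which peer the lines belong to, how far the negotiation got, and which side sent the notify that killed it. The following Python script is an added example, not part of the original post and not a Juniper tool. The sample buffer and its line layout are constructed here to approximate ScreenOS "debug ike" output and are not copied from a device; the notify type names are the standard ISAKMP ones from RFC 2408, and the hints attached to them are the usual causes, not a guarantee.

```python
import re
from collections import defaultdict

# Constructed sample of what "get dbuf stream" might show after "debug ike detail".
# The layout approximates ScreenOS output from memory (assumption), using
# documentation-range addresses for the peers.
SAMPLE_DBUF = """\
## 2007-05-07 10:12:01 : IKE<203.0.113.10> ****** Recv packet if <ethernet3> of vsys <Root> ******
## 2007-05-07 10:12:01 : IKE<203.0.113.10> Phase 1: Responder starts MAIN mode negotiations.
## 2007-05-07 10:12:01 : IKE<203.0.113.10> Phase 1: Rejecting proposal: encryption 3des-cbc, hash md5, group 2
## 2007-05-07 10:12:01 : IKE<203.0.113.10> Phase 1: Rejected proposals from peer. Negotiations failed.
## 2007-05-07 10:12:01 : IKE<203.0.113.10> Send notify NO_PROPOSAL_CHOSEN to peer.
## 2007-05-07 10:12:05 : IKE<198.51.100.7> Phase 1: Initiator starts MAIN mode negotiations.
## 2007-05-07 10:12:06 : IKE<198.51.100.7> Phase 1: Completed Main mode negotiation with a 28800-second lifetime.
## 2007-05-07 10:12:06 : IKE<198.51.100.7> Phase 2: Initiated negotiations.
## 2007-05-07 10:12:06 : IKE<198.51.100.7> Received notify INVALID_ID_INFORMATION from peer.
"""

# ISAKMP notify types (RFC 2408, section 3.14.1) most often seen when a tunnel
# will not come up, with the configuration mismatch each usually points at.
NOTIFY_HINTS = {
    "NO_PROPOSAL_CHOSEN": "proposal mismatch: encryption, hash, DH group, lifetime or PFS",
    "INVALID_ID_INFORMATION": "identity mismatch: IKE ID in phase 1 or proxy-ID/subnets in phase 2",
    "AUTHENTICATION_FAILED": "authentication mismatch: pre-shared key or certificate",
    "PAYLOAD_MALFORMED": "peer could not decrypt or parse a payload, often a pre-shared key mismatch",
    "INVALID_SPI": "peer has no SA for that SPI, often a stale SA left on one side",
}

LINE_RE = re.compile(r"IKE<(?P<peer>[^>]+)>\s*(?P<msg>.*)$")
PHASE_RE = re.compile(r"Phase (?P<phase>[12])")
NOTIFY_RE = re.compile(r"(?P<dir>Send|Received) notify (?P<type>[A-Z_]+)")
REJECT_RE = re.compile(r"Rejecting proposal: (?P<proposal>.+)$")


def summarize_ike_debug(text):
    """Group debug lines by peer and pull out the evidence that settles an argument:
    phases reached, proposals we rejected, and notifies sent versus received."""
    peers = defaultdict(lambda: {
        "phases": set(), "sent": [], "received": [],
        "rejected_proposals": [], "phase1_complete": False,
    })
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IKE line (or not in the assumed layout)
        entry = peers[m.group("peer")]
        msg = m.group("msg")
        pm = PHASE_RE.search(msg)
        if pm:
            entry["phases"].add(int(pm.group("phase")))
        if "Completed Main mode" in msg or "Completed Aggressive mode" in msg:
            entry["phase1_complete"] = True
        rm = REJECT_RE.search(msg)
        if rm:
            entry["rejected_proposals"].append(rm.group("proposal"))
        nm = NOTIFY_RE.search(msg)
        if nm:
            key = "sent" if nm.group("dir") == "Send" else "received"
            entry[key].append(nm.group("type"))
    return dict(peers)


def diagnose(summary):
    """One line of evidence per peer: which phase failed, who rejected whom, and why."""
    verdicts = {}
    for peer, info in sorted(summary.items()):
        if info["sent"]:
            ntype, where = info["sent"][-1], "we rejected the peer's offer"
        elif info["received"]:
            ntype, where = info["received"][-1], "the peer rejected our offer"
        else:
            verdicts[peer] = "no notify seen; phases observed: %s" % sorted(info["phases"])
            continue
        # A notify after main/aggressive mode completed belongs to phase 2.
        stage = "phase 2" if info["phase1_complete"] else "phase 1"
        hint = NOTIFY_HINTS.get(ntype, "see RFC 2408 section 3.14.1")
        verdicts[peer] = f"{stage}: {where} with {ntype} ({hint})"
    return verdicts


if __name__ == "__main__":
    for peer, verdict in diagnose(summarize_ike_debug(SAMPLE_DBUF)).items():
        print(f"{peer}: {verdict}")
```

Paste the real buffer in place of the sample. The useful part of the output is the direction: a notify we sent means the other side's proposal or identity did not match what we have configured, a notify we received means they rejected ours, and either way you have a timestamped line to put in front of the other tech instead of an opinion.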

I'm not really that smart, a friend at work showed me how. The moral of the story is that sometimes you have to give empirical evidence to the clown-shoe on the other end of the line to convince them that your systems are not configured incorrectly. So make sure you not only know how to read logs and interpret the results, but also know how to get at logs that are not there by default.
