09-12-2024 04:27 AM
How do you see output on a Firepower CLI that is managed by FMC? I'm trying to run debug crypto ikev2 protocol and platform. I don't see any messages in the FMC syslog.
09-12-2024 04:31 AM
@michael18 SSH to the FTD - from the CLI enter system support-diagnostics CLI and run debugs there.
09-12-2024 04:38 AM
Thanks for the info. I'll take a look at that document.
In diag CLI, when I enable the debug I get the response:
INFO: 'logging debug-trace' is enabled. All debug messages are currently being redirected to syslog:711001 and will not appear in any monitor session
When I look in FMC syslog I don't see any info relating to the VPN I'm looking at.
09-12-2024 04:41 AM
@michael18 in the platform settings policy applied to that FTD, what syslog settings have you configured?
09-12-2024 05:34 AM
The logging level was set to errors. I've updated this to debugging but still don't see anything in FMC syslogs.
How do I enable monitor logging so I can see debug on the local CLI?
Thanks
09-12-2024 05:38 AM
@michael18 check out this guide for the syslog settings to VPN debugging.
09-12-2024 05:41 AM
I replied to your Q below.
You need to clear crypto to see the new IPsec VPN in the CLI.
MHM
09-12-2024 04:45 AM
711001 is level 7, so you need to configure the FMC platform settings syslog to use level 7.
And it not appearing in the CLI means there is no new IPsec phase 1 and phase 2 exchange between the peers.
You need to force the peer to re-exchange IPsec by clear crypto sa.
MHM