debug crypto on firepower managed by FMC

michael18
Level 1

How do you see output on a Firepower CLI that is managed by FMC? I'm trying to run debug crypto ikev2 protocol and platform. I don't see any messages in the FMC syslog.

7 Replies

Thanks for the info. I'll take a look at that document.

In the diag CLI, when I enable the debug, I get this response:


  INFO: 'logging debug-trace' is enabled. All debug messages are currently being redirected to syslog:711001 and will not appear in any monitor session

When I look in the FMC syslog, I don't see any info relating to the VPN I'm looking at.

The logging level was set to errors. I've updated this to debugging but still don't see anything in the FMC syslogs.


How do I enable monitor logging so I can see debug on the local CLI?

Thanks

 



I reply to your Q below.
You need to clear crypto to see the new IPsec VPN in the CLI.

MHM

711001 is level 7, so you need to configure the FMC platform settings syslog to use level 7.

And it does not appear in the CLI, meaning there is no new IPsec phase 1 and phase 2 exchange between the peers.

You need to force the peer to re-exchange IPsec with clear crypto sa.
MHM