03-11-2024 10:41 AM
Hello,
Can I view logs in the FTD from a period in the recent past that have the information for why a VPN tunnel went down?
If I were troubleshooting the connection live, I would enable debugging with the following:
debug crypto condition peer "IP"
debug crypto ikev2 platform ...
debug crypto ikev2 protocol ...
But I am tasked with finding out why this tunnel went down. It has been happening about once a week. To bring it back up I just do a packet-tracer to create the interesting traffic. But I can't figure out why the normal traffic doesn't bring it back up.
Thanks
03-11-2024 10:51 AM
Depends on the logging config. Is this managed by FMC? You should be able to view the logs in FMC.
But can't figure out why the normal traffic doesn't bring it back up.
This needs a review of the configuration. If the other side is configured as the initiator, the traffic should initiate from the other side.
I also suggest running the debug to understand what is wrong.
03-11-2024 11:05 AM
Yes, it is managed by FMC. In the syslog settings the VPN logging is not checked. Can the logs still be viewed in the FMC? To be honest, I need a good course on just logging for Cisco gear.
As to the traffic, supposedly the tunnel is bidirectional, so either side should be able to be the initiator. And when I do a packet-tracer it is from the inside, so again, it confuses me why packet-tracer can bring the tunnel up, but traffic from the inside can't.
03-11-2024 11:13 AM
That link did help. I see I need to turn on the logging and then I can view it.