FTD Logging for VPN issues

trilerian1
Level 1

Hello,

Can I view logs in the FTD from a period in the recent past that has the information for why a VPN tunnel went down?

If I were troubleshooting the connection live, I would enable debugging with the following:

debug crypto condition peer "IP"

debug crypto ikev2 platform ...

debug crypto ikev2 protocol ...
But I am tasked with finding out why this tunnel went down. It has been happening about once a week. To bring it back up I just do a packet-tracer to create the interesting traffic. But I can't figure out why the normal traffic doesn't bring it back up.

Thanks

3 Replies

balaji.bandi
Hall of Fame

Depends on the logging config. Is this managed by FMC? You should be able to view the logs in FMC.

But can't figure out why the normal traffic doesn't bring it back up.

This needs a review of the configuration: if the other side is configured as the initiator, the traffic should initiate from the other side.

Also suggest running the debug to understand what is wrong.

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/firepower_threat_defense_vpn_troubleshooting.html

BB
Yes, it is managed by FMC. In the syslog settings the VPN logging is not checked. Can the logs still be viewed in the FMC? To be honest, I need a good course on just logging for Cisco gear.

As to the traffic, supposedly the tunnel is bidirectional, so either side should be able to be the initiator. And when I do a packet-tracer it is from the inside, so again, it confuses me why packet-tracer can bring the tunnel up, but traffic from the inside can't.

That link did help.  I see I need to turn on the logging and then I can view it.
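Once VPN syslogging is turned on as discussed above, the stored syslog can be searched for the tunnel-down events and their stated reasons instead of waiting to catch the next drop live. The following is an added example, not code from this thread or from Cisco: it pulls peer and reason out of constructed FTD-style syslog lines. The 750007 (IKEv2 SA DOWN) and 113019 (session disconnected) message IDs and their field layout are assumed from the ASA/FTD syslog format, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample syslog lines in FTD/ASA style. Message IDs 750007 and 113019
# and their field order are assumptions about the FTD syslog format, not from the thread.
SAMPLE_SYSLOG = """\
Mar 03 02:14:07 ftd01 %FTD-5-750007: Local:203.0.113.1:500 Remote:198.51.100.7:500 Username:198.51.100.7 IKEv2 SA DOWN. Reason: DPD timed out
Mar 03 02:14:07 ftd01 %FTD-4-113019: Group = 198.51.100.7, Username = 198.51.100.7, IP = 198.51.100.7, Session disconnected. Session Type: LAN-to-LAN, Duration: 6d 23h 58m 11s, Bytes xmt: 1234, Bytes rcv: 5678, Reason: Lost Service
Mar 03 02:15:02 ftd01 %FTD-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:10.0.0.5/51234 (10.0.0.5/51234)
Mar 10 02:13:59 ftd01 %FTD-5-750007: Local:203.0.113.1:500 Remote:198.51.100.7:500 Username:198.51.100.7 IKEv2 SA DOWN. Reason: DPD timed out
"""

TS = r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ %(?:FTD|ASA)-\d-"
# IKEv2 SA torn down: the Remote field carries peer:port, Reason carries the IKEv2 cause.
SA_DOWN = re.compile(TS + r"750007: Local:(?P<local>\S+) Remote:(?P<remote>\S+) "
                     r".*?IKEv2 SA DOWN\. Reason: (?P<reason>.+)$")
# Session disconnected: for a LAN-to-LAN tunnel the Group field is the peer address.
DISCONNECT = re.compile(TS + r"113019: Group = (?P<group>[^,]+), .*Session disconnected\."
                        r".*Reason: (?P<reason>.+)$")


def parse_tunnel_down_events(text):
    """Return one dict per tunnel-down event (timestamp, peer, message id, reason)."""
    events = []
    for line in text.splitlines():
        m = SA_DOWN.match(line)
        if m:
            peer = m["remote"].rsplit(":", 1)[0]  # strip the UDP port from peer:port
            events.append({"ts": m["ts"], "peer": peer, "source": "750007",
                           "reason": m["reason"].strip()})
            continue
        m = DISCONNECT.match(line)
        if m:
            events.append({"ts": m["ts"], "peer": m["group"].strip(), "source": "113019",
                           "reason": m["reason"].strip()})
    return events


def reasons_by_peer(events):
    """Count how often each reason was logged for each peer, to spot a recurring cause."""
    counts = {}
    for e in events:
        counts.setdefault(e["peer"], Counter())[e["reason"]] += 1
    return counts


if __name__ == "__main__":
    evs = parse_tunnel_down_events(SAMPLE_SYSLOG)
    for e in evs:
        print(f'{e["ts"]}  peer={e["peer"]}  msg={e["source"]}  reason={e["reason"]}')
    print(reasons_by_peer(evs))
```

Point the script at the exported syslog from FMC or the external syslog server and the recurring reason for a given peer (in the constructed sample, a DPD timeout on the same weekday and hour) is what to take into the configuration review the reply above asks for.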