Troubleshooting
that the selected connection has established SAs.
To view Authentication (Phase 1) security associations negotiated
by IKE, click the Phase 1 tab.
To view Key Exchange (Phase 2) security associations negotiated
by IPSec, click the Phase 2 tab.
Sidewinder troubleshooting commands
In addition to standard logging, the Sidewinder also audits certain
system events, which allows you to generate information on VPN
connections. Table A-1 shows some useful commands you can use to
track VPN connections in real time and to check VPN settings and
configuration.
Table A-1. Basic Sidewinder VPN troubleshooting commands

Commands                                          Description
tcpdump -npi ext_interface port 500 or proto 50   To show IPSEC and ESP traffic arriving at the firewall
cf ipsec q                                        To review VPN policies on Sidewinder console
cf ipsec policydump                               To determine if VPN is active
showaudit -v                                      To show detailed audit trace information for VPN
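
The following is an added example, not part of the Sidewinder documentation: a shell function that summarises the text output of the tcpdump capture in Table A-1 per remote peer, counting IKE (UDP port 500) and ESP (IP protocol 50) packets in each direction. The function names, the sample capture, the addresses and the current tcpdump line format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the Sidewinder manual. Assumes tcpdump -n text
# output in the current tcpdump line format, as in sample_capture below.

# Constructed sample capture (documentation addresses, firewall = 198.51.100.1).
sample_capture() {
cat <<'EOF'
10:00:01.000001 IP 203.0.113.10.500 > 198.51.100.1.500: isakmp: phase 1 I ident
10:00:01.100002 IP 198.51.100.1.500 > 203.0.113.10.500: isakmp: phase 1 R ident
10:00:02.000003 IP 203.0.113.10.500 > 198.51.100.1.500: isakmp: phase 2/others I oakley-quick[E]
10:00:02.100004 IP 198.51.100.1.500 > 203.0.113.10.500: isakmp: phase 2/others R oakley-quick[E]
10:00:03.000005 IP 203.0.113.10 > 198.51.100.1: ESP(spi=0x0a1b2c3d,seq=0x1), length 116
10:00:04.000006 IP 203.0.113.10 > 198.51.100.1: ESP(spi=0x0a1b2c3d,seq=0x2), length 116
10:00:05.000007 IP 192.0.2.77.500 > 198.51.100.1.500: isakmp: phase 1 I ident
EOF
}

# vpn_summary FIREWALL_IP: read tcpdump lines on stdin and print, per remote
# peer, IKE and ESP packet counts in each direction plus a short reading.
vpn_summary() {
  awk -v fw="$1" '
    $2 != "IP" { next }
    {
      src = $3; dst = $5; sub(/:$/, "", dst)
      if (index($6, "ESP(") == 1) kind = "esp"        # IP protocol 50
      else if ($6 == "isakmp:") {                     # IKE, UDP port 500
        kind = "ike"
        sub(/\.[0-9]+$/, "", src); sub(/\.[0-9]+$/, "", dst)   # drop port
      } else next
      if (dst == fw)      { peer = src; dir = "in" }
      else if (src == fw) { peer = dst; dir = "out" }
      else next
      n[peer, kind, dir]++; peers[peer] = 1
    }
    END {
      for (p in peers) {
        ii = n[p, "ike", "in"] + 0; io = n[p, "ike", "out"] + 0
        ei = n[p, "esp", "in"] + 0; eo = n[p, "esp", "out"] + 0
        if (ei && eo)       v = "ESP in both directions"
        else if (ei)        v = "ESP inbound only"
        else if (eo)        v = "ESP outbound only"
        else if (ii && !io) v = "IKE received, no reply sent"
        else if (io && !ii) v = "IKE sent, no reply received"
        else                v = "IKE exchanged, no ESP seen"
        printf "%s ike_in=%d ike_out=%d esp_in=%d esp_out=%d %s\n", p, ii, io, ei, eo, v
      }
    }' | sort
}

sample_capture | vpn_summary 198.51.100.1
```

Because the summary is printed only when the input ends, feed it a bounded capture (for example one limited with tcpdump's -c packet count) rather than an open-ended one.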