Hello All,
I am trying to troubleshoot a VPN tunnel from our SRX210 to a Cisco ASA that's not coming up. I already found this troubleshooting link:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB10100
At one point it states to check the KMD log with this command: show log kmd | match 1.1.1.2
or show log kmd | find 1.1.1.2
But then of course with the IP address of the Cisco ASA endpoint. But I find literally 0 entries. In general there are almost no VPN issue entries in the log even though I have had plenty of issues in the past. I know I am the initiating side but I would still expect some errors with details about why the tunnel is failing (PSK Mismatch, P1 proposal Mismatch, etc.)
Do I have to enable some kind of debug logging before these entries are entered into the KMD log?
I used this command once: request security ike debug-enable level 15 local <local ip> remote <remote ip>
But then the KMD got flooded with way TOO much info. It was hard to find the entries that really mattered.
I have to say, all this stuff was WAY easier to troubleshoot on our old Netscreen 5GTs!!
Thanks for any help, it is greatly appreciated.