If the IKE tunnel cannot be established, have a look in the FireWall-1 logviewer.
If the logviewer is not helpful, use the advanced IKE debugging option in FireWall-1:
Set the appropriate debug variable:
setenv FWISAKMP_DEBUG 1 (for FireWall-1 4.0)
setenv FWIKE_DEBUG 1 (for FireWall-1 4.1)
(On NT firewalls, use 'set' instead of setenv, for example 'set FWIKE_DEBUG=1')
Restart the FireWall-1 daemon (run 'fwstop' and then 'fwstart').
All subsequent IKE negotiations will be dumped to the file ISAKMP.log in FireWall-1 4.0
or IKE.elg in FireWall-1 4.1 (both in $FWDIR/log).
An advanced IKE user can use this file to help detect IKE problems. This file should be sent whenever contacting Check Point.