IPsec log messages

The IPsec dynamic key exchange protocol, IKE, is sometimes difficult to configure.

Log messages are a very useful tool to understand why an IKE connection cannot be established, and to make out how to tune the configuration.

Log messages also enable to trace secure connections establishment.

Configuration overview

All IKE log messages are sent at the debug severity level.

Activating IKE logs

The administrator can globally activate IKE logs,.using the following command, in the sec or log contexts of a configuration.

router{conf:myconfig-sec}log ike SESSION [SEVERITY]
router{conf:myconfig-log}log ike SESSION [SEVERITY]

Example

router{conf:myconfig-sec}log ike session1 debug
router{conf:myconfig-log}log ike session2 debug