1. Administrative Security Guide
  2. Configuring IKEv2 Interfaces
  3. Debugging IKEv2 IPsec Tunnel Establishment
  4. Enabling/Disabling Targeted Debugging

Enabling/Disabling Targeted Debugging

Targeted debugging is enabled by the security ike debug-logging peer-ip-userid ACLI command which takes a single string argument in the form ipAddress:userID. For example: 

ORACLE# security ike debug-logging peer-ip-userid 172.16.20.1:12EDE12626719
ORACLE#

With endpoint-specific logging enabled, the log.iked, log.authd, and log.secured files are populated with data pertinent to the target endpoint only and exclude date for all other endpoints. Logging is based on an exact match of the IP address and user-id provided by the argument string.

Note:

This command is expensive and should be used to debug one or two endpoints at a time. The operating system imposes a hard limit of no more than 5 simultaneous targeted debugging sessions.

Use the no form of the command to stop an existing targeted debugging session 

ORACLE# security ike debug-logging peer-ip-userid 172.16.20.1:12EDE12626719 no
ORACLE#

Use the show security ike peer-endpoint-logging ACLI command to display a list of configured debug-logging sessions 

ORACLE# show security ike peer-endpoint-logging 
ORACLE#
IPaddress : Userid
==============
172.16.20.1:12EDE12626719
ORACLE#