If the VPN connections fail to work after the parameters have been configured, the following diagnostic methods can be applied:
- The command show vpn spd on the Telnet console displays the “Security Policy Definitions”.
- Use the command show vpn sadb to access information about the negotiated “Security Associations” (SAs).
- The command trace + vpn [status, packet] calls up the status and error messages for the current VPN negotiations.
- The error message “No proposal chosen” indicates a fault in the configuration at the remote site.
- The error message “No rule matched”, on the other hand, indicates a fault in the configuration of the local gateway.