If the VPN connections do not work after you have configured the parameters, the following diagnostic methods can be applied:
- The command show vpn spd on the CLI displays the "Security Policy Definitions".
- Use the command show vpn sadb to access information about the negotiated "Security Associations" (SAs).
- The command trace + vpn [status, packet] displays the status and error messages for the current VPN negotiations.
- The error message "No proposal chosen" indicates a fault in the configuration at the remote site.
- The error message "No rule matched", on the other hand, indicates a fault in the configuration of the local gateway.
By default, the device retains the VPN error messages in the status table. Depending on the installation, LANmonitor may display a large number of open error messages, which clutters the display. For this reason the command-line setting under
enables you to define a period of time in minutes after which the device automatically deletes these error messages from the status table.
Note: To document sporadic errors, disable this option with the entry 0.