Last updated on: June 14 2024.

Gather Problem Description

It’s important to be able to describe exactly how the problem impacts you. Being able to describe the symptoms in detail will lead to faster resolution.

It could be that the tunnel is not establishing or that traffic cannot pass over the tunnel. The following questions must be applied to any problem scenario. Answer as many of these questions as possible.

Affected Tunnels

  1. Is this a problem with all tunnels, some or one tunnel?

  2. Is the tunnel up but traffic over it does not connect?

  3. What are the IP address of the problematic remote IPsec peers?

  4. What are the private network IPs that should traverse the problematic tunnels?

  5. What are the Virtual Servers that should handle the private network traffic?

Problem Frequency

  1. Has the tunnel ever worked?

  2. Is this a permanent or intermittent problem?

  3. Does the problem happen after a specific duration of time?

  4. What were the exact dates and times of the problem?

  5. What were the exact dates and times that the problem recovered?

Remote Peer

  1. Can you retrieve logs and debug from the remote IPsec peer?

  2. Does the remote peer report the same tunnel state as the local peer?

Infrastructure Changes

  1. Describe any infrastructure or configuration change that occured up to a day before problems started.

  2. Consider carefully that the majority of support cases raised for IPsec are configuration problems.


In addition to the problem statement formed from the previous questions, it’s important to gather data as soon as a problem occurs. That includes:

  1. A qkview.

  2. A tarball of the /var/log directory.

  3. A tcpdump based on the IP addresses of the networks and hosts described above.

  4. Data from the remote peer, as described above.

This IPsec troubleshooting guide will provide more information about gathering the right data.

Top | Flowchart | Contents