Cloud Managed Networks

Dear Experts, 

We are trying to establish s2s vpn with fortigate however its not getting up. How we can run the show commands in aos10 gateway to understand better what might be the issue?

• Start with verifying that the configuration matches 
• Review logs; VPN negotiation errors usually provide clear clues.
• You can try the following commands:
  - show crypto ipsec sa
  - show crypto isakmp sa
  - show log security all

Enable debugging :

Dear Experts, 

We are trying to establish s2s vpn with fortigate however its not getting up. How we can run the show commands in aos10 gateway to understand better what might be the issue?

Ok i will try it

Meanwhile i am testing s2s vpn in my lab to check, can you also tell me the which logging command gives me detailed debug output of ike and ipsec?

• Start with verifying that the configuration matches 
• Review logs; VPN negotiation errors usually provide clear clues.
• You can try the following commands:
  - show crypto ipsec sa
  - show crypto isakmp sa
  - show log security all

Enable debugging :

Dear Experts, 

We are trying to establish s2s vpn with fortigate however its not getting up. How we can run the show commands in aos10 gateway to understand better what might be the issue?

Like harriman was mentioning you can use the commands "show crypto ipsec sa" and show crypto isakmp sa" to get the detailed output. At the VPN peer IP to the command to get the detailed output for a specific SA

Ok i will try it

Meanwhile i am testing s2s vpn in my lab to check, can you also tell me the which logging command gives me detailed debug output of ike and ipsec?

• Start with verifying that the configuration matches 
• Review logs; VPN negotiation errors usually provide clear clues.
• You can try the following commands:
  - show crypto ipsec sa
  - show crypto isakmp sa
  - show log security all

Enable debugging :

Dear Experts, 

We are trying to establish s2s vpn with fortigate however its not getting up. How we can run the show commands in aos10 gateway to understand better what might be the issue?

Original Message:
Sent: 4/2/2025 6:23:00 AM
From: willembargeman
Subject: RE: AOS10 Gateway site to site vpn debug

Like harriman was mentioning you can use the commands "show crypto ipsec sa" and show crypto isakmp sa" to get the detailed output. At the VPN peer IP to the command to get the detailed output for a specific SA

------------------------------
Willem Bargeman
Systems Engineer Aruba
ACEX #125

Original Message:
Sent: Apr 02, 2025 06:04 AM
From: Owais101
Subject: AOS10 Gateway site to site vpn debug

Ok i will try it

Meanwhile i am testing s2s vpn in my lab to check, can you also tell me the which logging command gives me detailed debug output of ike and ipsec?

------------------------------
iqbal

Original Message:
Sent: Apr 01, 2025 04:59 PM
From: harriman
Subject: AOS10 Gateway site to site vpn debug

• Start with verifying that the configuration matches 
• Review logs; VPN negotiation errors usually provide clear clues.
• You can try the following commands:
  - show crypto ipsec sa
  - show crypto isakmp sa
  - show log security all

Enable debugging :

Original Message:
Sent: Apr 01, 2025 02:42 PM
From: Owais101
Subject: AOS10 Gateway site to site vpn debug

Dear Experts, 

We are trying to establish s2s vpn with fortigate however its not getting up. How we can run the show commands in aos10 gateway to understand better what might be the issue?

------------------------------
iqbal
------------------------------