Command Reference Guide

SROS Command Line Interface Reference Guide Enable Mode Command Set

debug crypto [ike | ike negotiation | ike client authentication |

ike client configuration | ipsec | pki]

Use the debug crypto command to activate debug messages associated with IKE and IPSec functions.

Debug messages are displayed (real-time) to the terminal (or Telnet) screen. Use the no form of this

command to disable the debug messages.

Syntax Description

ike Displays all IKE debug messages.

ike negotiation Displays only IKE key management debug messages (e.g., handshaking).

ike client authenticationDisplays IKE client authentication messages as they occur.

ike client configurationDisplays mode-config exchanges as they take place over the IKE SA. It is

enabled independently from the ike negotiation debug described previously.

ipsec Displays all IPSec debug messages.

pki Displays all PKI (public key infrastructure) debug messages.

Default Values

By default, all debug messages in the Secure Router OS are disabled.

Command Modes

# Enable Command Mode

Usage Examples

The following example activates the IPSec debug messages:

>enable

#debug crypto ipsec