User guide

Viewing IKE Traces for VPN Connections

308 Check Point ZoneAlarm User Guide

Viewing IKE Traces for VPN Connections

If you are experiencing VPN connection problems, you can save a trace of IKE (Internet

Key Exchange) negotiations to a file, and then use the free IKE View tool to view the file.

The IKE View tool is available for the Windows platform.

Note: Before viewing IKE traces, it is recommended to do the following:

• The ZoneAlarm router stores traces for all recent IKE negotiations. If

you want to view only new IKE trace data, clear all IKE trace data

currently stored on the ZoneAlarm router.

• Close all existing VPN tunnels except for the problematic tunnel, so as

to make it easier to locate the problematic tunnel's IKE negotiation

trace in the exported file.

To clear all currently-stored IKE traces

1. Click Reports in the main menu, and click the Tunnels tab.

The VPN Tunnels page appears with a table of open tunnels to VPN sites.

2. Click Clear IKE Trace.

All IKE trace data currently stored on the ZoneAlarm router is cleared.

To view the IKE trace for a connection

1. Ask the administrator of the VPN site with which you are experiencing

connection problems to establish a VPN tunnel to the ZoneAlarm VPN Server.

For information on when and how VPN tunnels are established, see Viewing VPN

Tunnels on page 305.

2. Click Reports in the main menu, and click the Tunnels tab.

The VPN Tunnels page appears with a table of open VPN tunnels.

3. Click Save IKE Trace.

A standard File Download dialog box appears.

4. Click Save.

The Save As dialog box appears.