CheckPoint advanced VPN Debugging

CheckPoint shows basic VPN information in SmartDashboard VPN section.
but sometimes there is not enough information on certain problems (like id mismatch).
There is a way to obtain more detailed logs (sort of Cisco’s “debug crypto ipsec” command).

To turn on VPN debug log enter the following command:

 vpn debug trunc; vpn debug ikeon

This will enable log output to $FWDIR/log/ike.elg
To read the file output in a more convenient way, download Checkpoint’s *IKEView.exe* utility (Windows only):

Don’t forget to stop the debug with command:

 vpn debug off; vpn debug ikeoff  

Source: sk33327