CheckPoint shows basic VPN information in SmartDashboard VPN section.
but sometimes there is not enough information on certain problems (like id mismatch).
There is a way to obtain more detailed logs (sort of Cisco’s “debug crypto ipsec” command).
To turn on VPN debug log enter the following command:
vpn debug trunc; vpn debug ikeon
This will enable log output to $FWDIR/log/ike.elg
To read the file output in a more convenient way, download Checkpoint’s *IKEView.exe* utility (Windows only):
Don’t forget to stop the debug with command:
vpn debug off; vpn debug ikeoff