Troubleshoot Mobile VPN with IKEv2

This topic describes common problems and solutions for Mobile VPN with IKEv2.

Log Messages

To see log messages for events related to Mobile VPN with IKEv2:

  1. Set the diagnostic log level for IKE VPN.
  2. Open Traffic Monitor.
  3. Click the Search icon and type the Firebox IP address that IKEv2 VPN users connect to.
  4. After you troubleshoot the problem, reset the diagnostic log level to the previous setting. The default setting is Error.

We do not recommend that you select the highest logging level (Debug) unless a technical support representative directs you to do so while you troubleshoot a problem. At the highest diagnostic log level, the log file can fill up very quickly and Firebox performance can be reduced.

Installation Issues

Connection Issues

Account-Related Connection Issues

During the VPN connection process, the Firebox verifies the user's identity and group membership against the local database or an existing RADIUS server.

The user must be a member of:

  • The default IKEv2-Users group on the Firebox, or
  • A group explicitly added during Firebox configuration.

For these account-related connection issues, users see a general error message, such as:

[Screenshot: IKEv2 VPN connection error in Windows]

To troubleshoot issues with AuthPoint authentication, see:

Issues After Connection

If users still cannot connect to network resources through an established VPN tunnel, see Troubleshoot Network Connectivity for information about other steps you can take to identify and resolve the issue.

See Also

Mobile VPN with IKEv2

Edit the Mobile VPN with IKEv2 Configuration