Enabling logging of IPsec packets
Perform this task to enable the logging of IPsec packets that are discarded because of reasons such as IPsec SA lookup failure, AH-ESP authentication failure, and ESP encryption failure. The log information includes the source and destination IP addresses, the SPI value, and the sequence number of a discarded IPsec packet, and the reason for the failure.
To enable the logging of IPsec packets:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable the logging of IPsec packets. | ipsec logging packet enable | By default, the logging of IPsec packets is disabled. |