VPN Will Not Connect¶
Symptom: IPsec tunnel or SSL VPN session won't establish. Multiple sub-symptoms, multiple causes — diagnostic flow needed.
See also VPN Troubleshooting for the canonical diagnostic flow with command-by-command guidance.
Quick Map¶
| Symptom | Likely cause | Page |
|---|---|---|
| Phase 1 won't come up (IPsec) | PSK / proposals / ID mismatch | VPN Troubleshooting |
| Phase 1 up, Phase 2 won't | Subnet / proposal mismatch | VPN Troubleshooting |
| Tunnel up, no traffic | Firewall policy / route missing | VPN Troubleshooting |
| SSL VPN client stuck at 80% | Portal / policy missing | SSL VPN Tunnel Mode |
| SSL VPN auth fails | User group / portal mapping | SSL VPN Web Portal |
| Random drops at 30 seconds | RTP timeout / NAT timer | Configure Split Tunneling |
Core IPsec Diagnostic¶
# Phase 1 status:
diagnose vpn ike gateway list name <tunnel-name>
# Phase 2 status:
diagnose vpn tunnel list name <tunnel-name>
# Live IKE negotiation watch:
diagnose vpn ike log-filter dst-addr4 <remote-public-ip>
diagnose debug application ike -1
diagnose debug enable
# (Initiate / wait for negotiation)
diagnose debug disable
diagnose vpn ike log-filter clear
Core SSL VPN Diagnostic¶
# Active sessions:
diagnose vpn ssl list
# Live SSL VPN events:
diagnose debug application sslvpn -1
diagnose debug enable
# (Initiate connection)
diagnose debug disable
Related Pages¶
- VPN Troubleshooting — full diagnostic flow
- IPsec Site-to-Site VPN
- SSL VPN Tunnel Mode