To set up debugging for authentication troubleshooting, follow these steps:
Browse to Configuration > System > Events > General, and check Save Log on Wrap.
To configure a class to monitor in the logs, under Configuration > System > Events > Classes > Add, select a class name, make sure the class is enabled, and set severity to log at 1-13 (to capture all events). You can set this a bit lower (1-9 is sufficient in most cases), if you want less verbosity. If you are using a syslog server and would like the debugs to go there for collection, you can set the syslog value at 1-13. The default level is 1-5, which might not indicate all the events leading to an error or problem.
For authentication troubleshooting, follow Step 2 for classes: AUTH, AUTHDBG, and AUTHDECODE. It might also be beneficial to see IPsec-related messages, and IPSEC, IPSECDBG, and IPSECDECODE classes.
To view logs while events are occurring, go to Monitoring > Live Event Log.
To view logs that were generated after the event, either go to Administration > File Management > Files to view older log files (for example, after a crash) or go to Monitoring > Filterable Event Log.
To scroll though all the log events on one page, it is better to click on Get Log, under Monitoring > Filterable Event Log. Also, to move the log off the VPN 3000 Concentrator for off-line analysis, press Ctrl+A, and Ctrl+C on the keyboard to copy the log from the "Get Log" popup window and paste it with Ctrl+V into a notepad.