VPN TROUBLESHOOTING

Basics: IKE negotiation consists of two phases: Phase I (Main Mode, which is six packets) and Phase II (Quick Mode, which is three packets). The $FWDIR/log/ike.elg file contains this information ( once

To enable debugging, you need to log in to your firewall and enter the command 'vpn debug on

Check Point has a tool called IKEView.exe, which parses the information in ike.elg into a GUI, making it easier to view. Note that another useful tool is 'vpn debug on mon', which writes all of the captured IKE data to a file, ikemonitor.snoop, which you can open with Wireshark or Ethereal.

PHASE1: negotiates the encryption method (DES/3DES/AES etc.), the key length and the hash algorithm (MD5/SHA1), and creates a key to protect the messages of the exchange.

Peers authenticate using certificates or a pre-shared secret. Each peer generates a private Diffie-Hellman key from random bits and from that derives a DH public key. Each peer generates a shared secret from its private key and its peer's public key; this is the DH key. The peers exchange DH key material (random bits and mathematical data), and the methods for Phase II are agreed for encryption and integrity. Each side generates a symmetric key (based upon the DH key and the key material exchanged).
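
The Phase I key generation described above, carried through as an added example (not Check Point code and not part of the original page). It goes beyond the summary in the text by following the RFC 2409 SKEYID derivation, and it assumes pre-shared secret authentication, HMAC-SHA1 as the prf and Oakley Group 2; the function names, nonces and cookies are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Oakley Group 2 (1024-bit MODP) prime and generator, RFC 2409 section 6.2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2
PLEN = (P.bit_length() + 7) // 8  # DH values are encoded at the prime's length

def prf(key, data):
    # HMAC-SHA1: the prf when SHA1 is the negotiated hash (assumption here).
    return hmac.new(key, data, hashlib.sha1).digest()

def dh_keypair():
    # Private key from random bits; the public key is derived as g^x mod p.
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def dh_shared(private, peer_public):
    # Shared secret ("the DH key") from own private key and the peer's public key.
    if not 1 < peer_public < P - 1:
        raise ValueError("degenerate peer public value")
    return pow(peer_public, private, P).to_bytes(PLEN, "big")

def phase1_keys(psk, g_xy, ni, nr, cky_i, cky_r):
    # RFC 2409 section 5, pre-shared key case: SKEYID, then SKEYID_d/_a/_e.
    skeyid = prf(psk, ni + nr)
    tail = g_xy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")      # seed for Phase II keys
    a = prf(skeyid, d + tail + b"\x01")  # integrity key for the exchange
    e = prf(skeyid, a + tail + b"\x02")  # encryption key for the exchange
    return {"SKEYID_d": d, "SKEYID_a": a, "SKEYID_e": e}

def negotiate(psk_i, psk_r):
    # Constructed cookies and nonces stand in for values carried in the packets.
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    (xi, pub_i), (xr, pub_r) = dh_keypair(), dh_keypair()
    keys_i = phase1_keys(psk_i, dh_shared(xi, pub_r), ni, nr, cky_i, cky_r)
    keys_r = phase1_keys(psk_r, dh_shared(xr, pub_i), ni, nr, cky_i, cky_r)
    return keys_i, keys_r
```

Calling `negotiate` with two different pre-shared secrets still gives both peers the same DH key, but their SKEYID values differ, so neither side can decrypt the other's protected messages.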