Chapter 25 Logs Screens
Table 153 IKE Logs
LOG MESSAGE | DESCRIPTION |
Active connection allowed | The IKE process for a new connection failed because the limit |
exceeded | of simultaneous phase 2 SAs has been reached. |
Start Phase 2: Quick Mode | Phase 2 Quick Mode has started. |
Verifying Remote ID failed: | The connection failed during IKE phase 2 because the router |
| and the peer’s Local/Remote Addresses don’t match. |
Verifying Local ID failed: | The connection failed during IKE phase 2 because the router |
| and the peer’s Local/Remote Addresses don’t match. |
IKE Packet Retransmit | The router retransmitted the last packet sent because there |
| was no response from the peer. |
Failed to send IKE Packet | An Ethernet error stopped the router from sending IKE |
| packets. |
Too many errors! Deleting SA | An SA was deleted because there were too many errors. |
Phase 1 IKE SA process done | The phase 1 IKE SA process has been completed. |
Duplicate requests with the | The router received multiple requests from the same peer |
same cookie | while still processing the first IKE packet from the peer. |
IKE Negotiation is in | The router has already started negotiating with the peer for |
process | the connection, but the IKE process has not finished yet. |
No proposal chosen | Phase 1 or phase 2 parameters don’t match. Please check all |
| protocols / settings. Ex. One device being configured for |
| 3DES and the other being configured for DES causes the |
| connection to fail. |
|
|
Local / remote IPs of | The security gateway is set to “0.0.0.0” and the router used |
incoming request conflict | the peer’s “Local Address” as the router’s “Remote Address”. |
with rule <%d> | This information conflicted with static rule #d; thus the |
| connection is not allowed. |
Cannot resolve Secure | The router couldn’t resolve the IP address from the domain |
Gateway Addr for rule <%d> | name that was used for the secure gateway address. |
Peer ID: <peer id> <My remote | The displayed ID information did not match between the two |
type> | ends of the connection. |
vs. My Remote <My remote> - | The displayed ID information did not match between the two |
<My remote> | ends of the connection. |
vs. My Local <My | The displayed ID information did not match between the two |
local> | ends of the connection. |
Send <packet> | A packet was sent. |
Recv <packet> | IKE uses ISAKMP to transmit data. Each ISAKMP packet |
| contains many different types of payloads. All of them show in |
| the LOG. Refer to RFC2408 – ISAKMP for a list of all ISAKMP |
| payload types. |
|
|
Recv <Main or Aggressive> | The router received an IKE negotiation request from the peer |
Mode request from <IP> | address specified. |
Send <Main or Aggressive> | The router started negotiation with the peer. |
Mode request to <IP> |
|
Invalid IP <Peer local> / | The peer’s “Local IP Address” is invalid. |
<Peer local> |
|
438 |
| |
ZyWALL 2 Plus User’s Guide |
| |
|
|
|