|
|
|
|
| Chapter 26 Logs Screens |
| Table 176 IPSec Logs (continued) |
| |||
| LOG MESSAGE |
| DESCRIPTION | ||
| Receive IPSec packet, |
| The router dropped an inbound packet for which SPI could not find a | ||
| but no corresponding |
| corresponding phase 2 SA. | ||
| tunnel exists |
|
|
|
|
| Rule <%d> idle time |
| The router dropped a connection that had outbound traffic and no | ||
| out, disconnect |
| inbound traffic for a certain time period. You can use the "ipsec timer | ||
|
|
| chk_conn" CI command to set the time period. The default value is 2 | ||
|
|
| minutes. | ||
|
|
|
|
| |
| WAN IP changed to <IP> |
| The router dropped all connections with the “MyIP” configured as | ||
|
|
| “0.0.0.0” when the WAN IP address changed. | ||
| Inbound packet |
| Please check the algorithm configuration. | ||
| decryption failed |
|
|
|
|
| Cannot find outbound SA |
| A packet matches a rule, but there is no phase 2 SA for outbound | ||
| for rule <%d> |
| traffic. |
| |
| Rule [%s] sends an echo |
| The device sent a ping packet to check the specified VPN tunnel's | ||
| request to peer |
| connectivity. | ||
| Rule [%s] receives an |
| The device received a ping response when checking the specified | ||
| echo reply from peer |
| VPN tunnel's connectivity. | ||
| Table 177 IKE Logs |
|
|
| |
| LOG MESSAGE |
|
| DESCRIPTION | |
| Active connection allowed |
|
| The IKE process for a new connection failed because the limit | |
| exceeded |
|
| of simultaneous phase 2 SAs has been reached. | |
| Start Phase 2: Quick Mode |
|
| Phase 2 Quick Mode has started. | |
| Verifying Remote ID failed: |
| The connection failed during IKE phase 2 because the router | ||
|
|
|
|
| and the peer’s Local/Remote Addresses don’t match. |
| Verifying Local ID failed: |
| The connection failed during IKE phase 2 because the router | ||
|
|
|
|
| and the peer’s Local/Remote Addresses don’t match. |
| IKE Packet Retransmit |
|
| The router retransmitted the last packet sent because there | |
|
|
|
|
| was no response from the peer. |
| Failed to send IKE Packet |
|
| An Ethernet error stopped the router from sending IKE | |
|
|
|
|
| packets. |
| Too many errors! Deleting SA |
| An SA was deleted because there were too many errors. | ||
| Phase 1 IKE SA process done |
| The phase 1 IKE SA process has been completed. | ||
| Duplicate requests with the |
| The router received multiple requests from the same peer | ||
| same cookie |
|
| while still processing the first IKE packet from the peer. | |
| IKE Negotiation is in |
|
| The router has already started negotiating with the peer for | |
| process |
|
| the connection, but the IKE process has not finished yet. | |
| No proposal chosen |
|
| Phase 1 or phase 2 parameters don’t match. Please check all | |
|
|
|
|
| protocols / settings. Ex. One device being configured for |
|
|
|
|
| 3DES and the other being configured for DES causes the |
|
|
|
|
| connection to fail. |
|
|
|
|
| |
| Local / remote IPs of |
|
| The security gateway is set to “0.0.0.0” and the router used | |
| incoming request conflict |
|
| the peer’s “Local Address” as the router’s “Remote Address”. | |
| with rule <%d> |
|
| This information conflicted with static rule #d; thus the | |
|
|
|
|
| connection is not allowed. |
| 501 |
ZyWALL 2WG User’s Guide | |
|
|