Chapter 26 Logs Screens
Table 177 IKE Logs (continued)
LOG MESSAGE | DESCRIPTION |
Cannot resolve Secure | The router couldn’t resolve the IP address from the domain |
Gateway Addr for rule <%d> | name that was used for the secure gateway address. |
Peer ID: <peer id> <My remote | The displayed ID information did not match between the two |
type> | ends of the connection. |
vs. My Remote <My remote> - | The displayed ID information did not match between the two |
<My remote> | ends of the connection. |
vs. My Local <My | The displayed ID information did not match between the two |
local> | ends of the connection. |
Send <packet> | A packet was sent. |
Recv <packet> | IKE uses ISAKMP to transmit data. Each ISAKMP packet |
| contains many different types of payloads. All of them show in |
| the LOG. Refer to RFC2408 – ISAKMP for a list of all ISAKMP |
| payload types. |
|
|
Recv <Main or Aggressive> | The router received an IKE negotiation request from the peer |
Mode request from <IP> | address specified. |
Send <Main or Aggressive> | The router started negotiation with the peer. |
Mode request to <IP> |
|
Invalid IP <Peer local> / | The peer’s “Local IP Address” is invalid. |
<Peer local> |
|
Remote IP <Remote IP> / | The security gateway is set to “0.0.0.0” and the router used |
<Remote IP> conflicts | the peer’s “Local Address” as the router’s “Remote Address”. |
| This information conflicted with static rule #d; thus the |
| connection is not allowed. |
|
|
Phase 1 ID type mismatch | This router’s "Peer ID Type" is different from the peer IPSec |
| router's "Local ID Type". |
Phase 1 ID content mismatch | This router’s "Peer ID Content" is different from the peer |
| IPSec router's "Local ID Content". |
No known phase 1 ID type | The router could not find a known phase 1 ID in the |
found | connection attempt. |
ID type mismatch. Local / | The phase 1 ID types do not match. |
Peer: <Local ID type/Peer ID |
|
type> |
|
ID content mismatch | The phase 1 ID contents do not match. |
Configured Peer ID Content: | The phase 1 ID contents do not match and the configured |
<Configured Peer ID Content> | "Peer ID Content" is displayed. |
Incoming ID Content: | The phase 1 ID contents do not match and the incoming |
<Incoming Peer ID Content> | packet's ID content is displayed. |
Unsupported local ID Type: | The phase 1 ID type is not supported by the router. |
<%d> |
|
Build Phase 1 ID | The router has started to build the phase 1 ID. |
Adjust TCP MSS to %d | The router automatically changed the TCP Maximum |
| Segment Size value after establishing a tunnel. |
Rule <%d> input idle time | The tunnel for the listed rule was dropped because there was |
out, disconnect | no inbound traffic within the idle timeout period. |
XAUTH succeed! Username: | The router used extended authentication to authenticate the |
<Username> | listed username. |
502 |
| |
ZyWALL 2WG User’s Guide |
| |
|
|
|