ZyWALL 5/35/70 Series User’s Guide

Table 289 IKE Logs





Active connection allowed
    The IKE process for a new connection failed because the limit of simultaneous phase 2 SAs has been reached.

Start Phase 2: Quick Mode
    Phase 2 Quick Mode has started.

Verifying Remote ID failed:
    The connection failed during IKE phase 2 because the router and the peer’s Local/Remote Addresses don’t match.

Verifying Local ID failed:
    The connection failed during IKE phase 2 because the router and the peer’s Local/Remote Addresses don’t match.

IKE Packet Retransmit
    The router retransmitted the last packet sent because there was no response from the peer.

Failed to send IKE Packet
    An Ethernet error stopped the router from sending IKE

Too many errors! Deleting SA
    An SA was deleted because there were too many errors.

Phase 1 IKE SA process done
    The phase 1 IKE SA process has been completed.

Duplicate requests with the same cookie
    The router received multiple requests from the same peer while still processing the first IKE packet from the peer.

IKE Negotiation is in process
    The router has already started negotiating with the peer for the connection, but the IKE process has not finished yet.

No proposal chosen
    Phase 1 or phase 2 parameters don’t match. Please check all protocols / settings. Ex. One device being configured for 3DES and the other being configured for DES causes the connection to fail.

Local / remote IPs of incoming request conflict with rule <%d>
    The security gateway is set to “” and the router used the peer’s “Local Address” as the router’s “Remote Address”. This information conflicted with static rule #d; thus the connection is not allowed.

Cannot resolve Secure Gateway Addr for rule <%d>
    The router couldn’t resolve the IP address from the domain name that was used for the secure gateway address.

Peer ID: <peer id> <My remote type> -<My local type>
    The displayed ID information did not match between the two ends of the connection.

vs. My Remote <My remote> - <My remote>
    The displayed ID information did not match between the two ends of the connection.

vs. My Local <My local>-<My
    The displayed ID information did not match between the two ends of the connection.

Send <packet>
    A packet was sent.

Recv <packet>
    IKE uses ISAKMP to transmit data. Each ISAKMP packet contains many different types of payloads. All of them show in the LOG. Refer to RFC2408 – ISAKMP for a list of all ISAKMP payload types.

Recv <Main or Aggressive> Mode request from <IP>
    The router received an IKE negotiation request from the peer address specified.

Send <Main or Aggressive> Mode request to <IP>
    The router started negotiation with the peer.

Invalid IP <Peer local> / <Peer local>
    The peer’s “Local IP Address” is invalid.



Appendix S Log Descriptions