|
|
|
| Chapter 20 Logs |
| Table 112 IPSec Logs (continued) |
| ||
| LOG MESSAGE |
| DESCRIPTION | |
| Rule <%d> idle time |
| The router dropped a connection that had outbound traffic and no | |
| out, disconnect |
| inbound traffic for a certain time period. You can use the "ipsec timer | |
|
|
| chk_conn" CI command to set the time period. The default value is 2 | |
|
|
| minutes. | |
|
|
|
|
|
| WAN IP changed to <IP> |
| The router dropped all connections with the “MyIP” configured as | |
|
|
| “0.0.0.0” when the WAN IP address changed. | |
| Table 113 IKE Logs |
|
| |
| LOG MESSAGE |
| DESCRIPTION | |
| Active connection allowed |
| The IKE process for a new connection failed because the limit | |
| exceeded |
| of simultaneous phase 2 SAs has been reached. | |
| Start Phase 2: Quick Mode |
| Phase 2 Quick Mode has started. | |
| Verifying Remote ID failed: | The connection failed during IKE phase 2 because the router | ||
|
|
|
| and the peer’s Local/Remote Addresses don’t match. |
| Verifying Local ID failed: | The connection failed during IKE phase 2 because the router | ||
|
|
|
| and the peer’s Local/Remote Addresses don’t match. |
| IKE Packet Retransmit |
| The router retransmitted the last packet sent because there | |
|
|
|
| was no response from the peer. |
| Failed to send IKE Packet |
| An Ethernet error stopped the router from sending IKE | |
|
|
|
| packets. |
| Too many errors! Deleting SA | An SA was deleted because there were too many errors. | ||
| Phase 1 IKE SA process done | The phase 1 IKE SA process has been completed. | ||
| Duplicate requests with the | The router received multiple requests from the same peer | ||
| same cookie |
| while still processing the first IKE packet from the peer. | |
| IKE Negotiation is in |
| The router has already started negotiating with the peer for | |
| process |
| the connection, but the IKE process has not finished yet. | |
| No proposal chosen |
| Phase 1 or phase 2 parameters don’t match. Please check all | |
|
|
|
| protocols / settings. Ex. One device being configured for |
|
|
|
| 3DES and the other being configured for DES causes the |
|
|
|
| connection to fail. |
|
|
|
| |
| Local / remote IPs of |
| The security gateway is set to “0.0.0.0” and the router used | |
| incoming request conflict |
| the peer’s “Local Address” as the router’s “Remote Address”. | |
| with rule <%d> |
| This information conflicted with static rule #d; thus the | |
|
|
|
| connection is not allowed. |
| Cannot resolve Secure |
| The router couldn’t resolve the IP address from the domain | |
| Gateway Addr for rule <%d> | name that was used for the secure gateway address. | ||
| Peer ID: <peer id> <My remote | The displayed ID information did not match between the two | ||
| type> |
| ends of the connection. | |
| vs. My Remote <My remote> - | The displayed ID information did not match between the two | ||
| <My remote> |
| ends of the connection. | |
| vs. My Local <My | The displayed ID information did not match between the two | ||
| local> |
| ends of the connection. | |
| Send <packet> |
| A packet was sent. | |
| 263 |
|
|