Appendix A Log Descriptions

Table 272 IKE Logs

LOG MESSAGE

DESCRIPTION

Peer has not announced

The remote IPSec router has not announced its dead peer

DPD capability

detection (DPD) capability to this device.

 

 

[COOKIE] Invalid

Cannot find SA according to the cookie.

cookie, no sa found

 

 

 

[DPD] No response from

The device’s DPD feature has not detected a response from

peer. Using existing

the remote IPSec router. %u is the retry time.

Phase-1 SA in %u

 

seconds. Trying with

 

Phase-1 rekey.

 

 

 

[HASH] : Tunnel [%s]

%s is the tunnel name. When negotiating Phase-1, the

Phase 1 hash mismatch

exchange hash did not match.

 

 

[HASH] : Tunnel [%s]

%s is the tunnel name. When negotiating Phase-2, the

Phase 2 hash mismatch"

calculated quick mode authentication hash did not match.

 

 

[ID] : Invalid ID

ID payload is not valid (in Phase-1 is local/peer ID, in Phase-2

information

is local/remote policy).

 

 

[ID] : Tunnel [%s]

%s is the tunnel name. When negotiating Phase-1, the local

Local IP mismatch

tunnel IP did not match the My IP in VPN gateway.

 

 

[ID] : Tunnel [%s] My

%s is the tunnel name. When negotiating Phase-1 and

IP mismatch

selecting matched proposal, My IP Address could not be

 

resolved.

 

 

[ID] : Tunnel [%s]

%s is the tunnel name. When negotiating Phase-1, the peer ID

Phase 1 ID mismatch

did not match.

 

 

[ID] : Tunnel [%s]

%s is the tunnel name. When negotiating Phase-2 and

Phase 2 Local ID

checking IPsec SAs or the ID is IPv6 ID.

mismatch

 

 

 

[ID] : Tunnel [%s]

%s is the tunnel name. When negotiating Phase-2 and

Phase 2 Remote ID

checking IPsec SAs or the ID is IPv6 ID.

mismatch

 

 

 

[ID] : Tunnel [%s]

%s is the tunnel name. When negotiating Phase-1, the peer

Remote IP mismatch

tunnel IP did not match the secure gateway address in VPN

 

gateway.

 

 

[SA] : Malformed IPSec

When selecting a matched proposal, some protocol was given

SA proposal

more than once.

 

 

[SA] : No proposal

When selecting a matched proposal in phase-1 or phase-2, so

chosen

proposal was selected.

 

 

[SA] : Tunnel [%s]

%s is the tunnel name. When negotiating Phase-1, the

Phase 1 authentication

authentication algorithm did not match.

algorithm mismatch

 

 

 

[SA] : Tunnel [%s]

%s is the tunnel name. When negotiating Phase-1, the

Phase 1 authentication

authentication method did not match.

method mismatch

 

 

 

[SA] : Tunnel [%s]

%s is the tunnel name. When negotiating Phase-1, the

Phase 1 encryption

encryption algorithm did not match.

algorithm mismatch

 

 

 

 

925

ZyWALL USG 2000 User’s Guide