Chapter 21 Logs

 

Table 103 IPSec Logs (continued)

 

LOG MESSAGE

 

DESCRIPTION

 

Receive IPSec packet,

 

The router dropped an inbound packet for which SPI could

 

but no corresponding

 

not find a corresponding phase 2 SA.

 

tunnel exists

 

 

 

 

Rule <%d> idle time

 

The router dropped a connection that had outbound traffic

 

out, disconnect

 

and no inbound traffic for a certain time period. You can use

 

 

 

the "ipsec timer chk_conn" CI command to set the time

 

 

 

period. The default value is 2 minutes.

 

 

 

 

 

 

WAN IP changed to <IP>

 

The router dropped all connections with the “MyIP”

 

 

 

configured as “0.0.0.0” when the WAN IP address changed.

 

 

 

 

 

 

Table 104 IKE Logs

 

 

 

LOG MESSAGE

 

DESCRIPTION

 

Active connection allowed

 

The IKE process for a new connection failed because

 

exceeded

 

the limit of simultaneous phase 2 SAs has been

 

 

 

 

reached.

 

 

 

 

 

Start Phase 2: Quick Mode

 

Phase 2 Quick Mode has started.

 

Verifying Remote ID failed:

The connection failed during IKE phase 2 because the

 

 

 

 

router and the peer’s Local/Remote Addresses don’t

 

 

 

 

match.

 

 

 

 

Verifying Local ID failed:

The connection failed during IKE phase 2 because the

 

 

 

 

router and the peer’s Local/Remote Addresses don’t

 

 

 

 

match.

 

 

 

 

 

IKE Packet Retransmit

 

The router retransmitted the last packet sent because

 

 

 

 

there was no response from the peer.

 

 

 

 

 

Failed to send IKE Packet

 

An Ethernet error stopped the router from sending

 

 

 

 

IKE packets.

 

 

 

 

Too many errors! Deleting SA

An SA was deleted because there were too many

 

 

 

 

errors.

 

 

 

 

Phase 1 IKE SA process done

The phase 1 IKE SA process has been completed.

 

Duplicate requests with the

The router received multiple requests from the same

 

same cookie

 

peer while still processing the first IKE packet from

 

 

 

 

the peer.

 

 

 

 

 

IKE Negotiation is in

 

The router has already started negotiating with the

 

process

 

peer for the connection, but the IKE process has not

 

 

 

 

finished yet.

 

 

 

 

 

No proposal chosen

 

Phase 1 or phase 2 parameters don’t match. Please

 

 

 

 

check all protocols / settings. Ex. One device being

 

 

 

 

configured for 3DES and the other being configured

 

 

 

 

for DES causes the connection to fail.

 

 

 

 

 

Local / remote IPs of

 

The security gateway is set to “0.0.0.0” and the

 

incoming request conflict

 

router used the peer’s “Local Address” as the router’s

 

with rule <%d>

 

“Remote Address”. This information conflicted with

 

 

 

 

static rule #d; thus the connection is not allowed.

 

 

 

 

 

Cannot resolve Secure

 

The router couldn’t resolve the IP address from the

 

Gateway Addr for rule <%d>

domain name that was used for the secure gateway

 

 

 

 

address.

 

 

 

 

 

NBG-460N User’s Guide

281

Page 281
Image 281
ZyXEL Communications wireless n gigbit router zyxel manual 281, IPSec Logs