ZyWALL 2 Series User’s Guide
A PYLD_MALFORMED packet usually means that the two ends of the VPN tunnelare not using the sameLOG MESSAGE | DESCRIPTION |
|
|
Send <Symbol> Mode request to <IP> | The ZyWALL has started negotiation with the peer. |
Send <Symbol> Mode request to <IP> |
|
Recv <Symbol> Mode request from | The ZyWALL has received an IKE negotiation request |
<IP> | from the peer. |
Recv <Symbol> Mode request from |
|
<IP> |
|
Recv:<Symbol> | IKE uses the ISAKMP protocol (refer to RFC2408 – |
| ISAKMP) to transmit data. Each ISAKMP packet |
| contains payloads of different types that show in the |
| log - see Chart |
|
|
Phase 1 IKE SA process done | Phase 1 negotiation is finished. |
Start Phase 2: Quick Mode | Phase 2 negotiation is beginning using Quick Mode. |
|
|
!! IKE Negotiation is in process | The ZyWALL has begun negotiation with the peer for |
| the connection already, but the IKE key exchange has |
| not finished yet. |
|
|
!! Duplicate requests with the same | The ZyWALL has received multiple requests from the |
cookie | same peer but it is still processing the first IKE packet |
| from that peer. |
!! No proposal chosen | The parameters configured for Phase 1 or Phase 2 |
| negotiations don’t match. Please check all protocols |
| and settings for these phases. For example, one party |
| may be using 3DES encryption, but the other party is |
| using DES encryption, so the connection will fail. |
!! Verifying Local ID failed | During IKE Phase 2 negotiation, both parties |
!! Verifying Remote ID failed | exchange policy details, including local and remote IP |
address ranges. If these ranges differ, then the | |
| connection fails. |
!! Local / remote IPs of incoming | If the security gateway is “0.0.0.0”, the ZyWALL will |
request conflict with rule <#d> | use the peer’s “Local Addr” as its “Remote Addr”. If |
| this IP (range) conflicts with a previously configured |
| rule then the connection is not allowed. |
|
|
Log Descriptions |