Table of Contents
Advertisement
The following table shows sample log messages during packet transmission.
Chart L-11 Sample IPSec Logs During Packet Transmission
LOG MESSAGE
!! WAN IP changed to <IP>
!! Cannot find IPSec SA
!! Cannot find outbound SA
for rule <%d>
!! Discard REPLAY packet
!! Inbound packet
authentication failed
!! Inbound packet
decryption failed
Rule <#d> idle time out,
disconnect
The following table shows RFC-2408 ISAKMP payload types that the log
displays. Please refer to the RFC for detailed information on each type.
Chart L-12 RFC-2408 ISAKMP Payload Types
LOG DISPLAY
Security Association
SA
PROP
Proposal
TRANS
Transform
KE
Key Exchange
ID
Identification
If the Contivity 221's WAN IP changes, all configured "My IP Addr"
are changed to b "0.0.0.0". If this field is configured as 0.0.0.0, then
the Contivity 221 will use the current Contivity 221 WAN IP address
(static or dynamic) to set up the VPN tunnel.
The Contivity 221 cannot find a phase 2 SA that corresponds with
the SPI of an inbound packet (from the peer); the packet is
dropped.
The packet matches the rule index number (#d), but Phase 1 or
Phase 2 negotiation for outbound (from the VPN initiator) traffic is
not finished yet.
If the Contivity 221 receives a packet with the wrong sequence
number it will discard it.
The authentication configuration settings are incorrect. Please
check them.
The decryption configuration settings are incorrect. Please check
them.
If an SA has no packets transmitted for a period of time
(configurable via CI command), the Contivity 221 drops the
connection.
PAYLOAD TYPE
Log Descriptions L-17
DESCRIPTION
Contivity 221 VPN Switch User's Guide
Advertisement
Table of Contents
