ZyXEL Communications P-334WT Support Notes page 169

Using CI command 'ipsec debug 1'
Please enter 'ipsec debug 1' in Menu 24.8. There should be lots of detailed messages printed out to show how negotiations are taken
place. If IPSec connection fails, please dump 'ipsec debug 1' for our analysis. The following shows an example of dumped
messages.
P-334WT> ipsec debug 1
IPSEC debug level 1
P-334WT> catcher(): recv pkt numPkt<1>
get_hdr nxt_payload<1> exchMode<2> m_id<0> len<80>
f76af206 b187aae3 00000000 00000000 01100200 00000000 00000050 00000034
00000001 00000001 00000028 01010001 00000020 01010000 80010001 80020001
80040001 80030001 800b0001 800c0e10
In isadb_get_entry, nxt_pyld=1, exch=2
New SA
In responder
isadb_create_entry(): RESPONSOR:
##entering spGetPeerByAddr...
<deleted>
4. View Log
To view the log for IPSec and IKE connections, please enter menu 27.3, View IPSec Log. The log menu is also useful for
troubleshooting please capture to us if necessary. The example shown below is a successful IPSec connection.
Index: Date/Time:
------------------------------------------------------------
001 01 Jan 10:23:22
002 01 Jan 10:23:22
003 01 Jan 10:23:22
004 01 Jan 10:23:22
005 01 Jan 10:23:24
006 01 Jan 10:23:24
007 01 Jan 10:23:26
008 01 Jan 10:23:26
009 01 Jan 10:23:26
010 01 Jan 10:23:26
011 01 Jan 10:23:26
012 01 Jan 10:23:26
013 01 Jan 10:23:26
Clear IPSec Log (y/n):
Log:
!! Cannot find outbound SA for rule <1>
Send Main Mode request to <168.10.10.66>
Send:<SA>
Recv:<SA>
Send:<KE><NONCE>
Recv:<KE><NONCE>
Send:<ID><HASH>
Recv:<ID><HASH>
Phase 1 IKE SA process done
Start Phase 2: Quick Mode
Send:<HASH><SA><NONCE><ID><ID>
Recv:<HASH><SA><NONCE><ID><ID>
Send:<HASH>