Table 242 Ike Logs - ZyXEL Communications Unified Security Gateway ZyWALL 300 User Manual
Unified security gateway
Hide thumbs
Also See for Unified Security Gateway ZyWALL 300:
- User manual (1156 pages) ,
- Quick start manual (128 pages) ,
- Specifications (4 pages)
Table of Contents
Advertisement
Table 241 Application Patrol Logs (continued)
LOG MESSAGE
App Patrol Name=%s
Type=%s %s=%d
Protocol=%s Action=%s
App Patrol resources
ran out. User %s is
unrestricted by rule [
%s:%d ]. 1st %s: User
Name, 2nd %s: Protocol
Name, 1% %d: Rule
Index
Table 242 IKE Logs
LOG MESSAGE
%s:%s has not
announced DPD
capability
[COOKIE] Invalid
cookie, no sa found
[DPD] No response from
"%s:%s using existing
Phase-1 SA in %u
seconds. Trying with
Phase-1 rekey.
[HASH] : Tunnel [%s]
Phase 1 hash mismatch
[HASH] : Tunnel [%s]
Phase 2 hash mismatch"
[ID] : Invalid ID
information
[ID] : Tunnel [%s]
Local IP mismatch
[ID] : Tunnel [%s] My
IP mismatch
[ID] : Tunnel [%s]
Phase 1 ID mismatch
[ID] : Tunnel [%s]
Phase 2 Local ID
mismatch
[ID] : Tunnel [%s]
Phase 2 Remote ID
mismatch
[ID] : Tunnel [%s]
Remote IP mismatch
[SA] : Malformed IPSec
SA proposal
[SA] : No proposal
chosen
ZyWALL USG 300 User's Guide
DESCRIPTION
Packets logging. 1st %s: Protocol Name, 2nd %s: Category Name, 3rd
%s: Default Rule or Exception Rule, 1st %d: Rule Index, 4th %s: TCP
or UDP, 5th %s: Action.
The application patrol daemon (process) resource pool is full, current
login user %s is unrestricted by rule %d of protocol %s. 1st %s: User
Name, 1st %d: Rule Index, 2nd %s: Protocol Name.
DESCRIPTION
%s:%s is the peer IP:Port. Peer has not announced capability.
Cannot find SA according to the cookie.
%s:%s is the peer IP:Port. %u is the retry time. Dead Peer Detection
(DPD) detected no response from peer.
%s is the tunnel name. When negotiating Phase-1, the exchange hash
did not match.
%s is the tunnel name. When negotiating Phase-2, the calculated quick
mode authentication hash did not match.
ID payload is not valid (in Phase-1 is local/peer ID, in Phase-2 is local/
remote policy).
%s is the tunnel name. When negotiating Phase-1, the local tunnel IP
did not match the My IP in VPN gateway.
%s is the tunnel name. When negotiating Phase-1 and selecting
matched proposal, My IP Address could not be resolved.
%s is the tunnel name. When negotiating Phase-1, the peer ID did not
match.
%s is the tunnel name. When negotiating Phase-2 and checking IPsec
SAs or the ID is IPv6 ID.
%s is the tunnel name. When negotiating Phase-2 and checking IPsec
SAs or the ID is IPv6 ID.
%s is the tunnel name. When negotiating Phase-1, the peer tunnel IP
did not match the secure gateway address in VPN gateway.
When selecting a matched proposal, some protocol was given more
than once.
When selecting a matched proposal in phase-1 or phase-2, so
proposal was selected.
Appendix B Log Descriptions
673
Advertisement
Table of Contents
Troubleshooting
