Table of Contents
Advertisement
LOG MESSAGE
vs. My Local <IP address>
-> <symbol>
Error ID Info
The following table shows sample log messages during packet transmission.
Chart 13-11 Sample IPSec Logs During Packet Transmission
LOG MESSAGE
!! WAN IP changed to <IP>
!! Cannot find IPSec SA
!! Cannot find outbound SA
for rule <%d>
!! Discard REPLAY packet
!! Inbound packet
authentication failed
!! Inbound packet
decryption failed
Rule <#d> idle time out,
disconnect
Log Descriptions
Chart 13-10 Sample IKE Key Exchange Logs
If the ZyWALL's WAN IP changes, all configured "My IP Addr" are
changed to b "0.0.0.0". If this field is configured as 0.0.0.0, then the
ZyWALL will use the current ZyWALL WAN IP address (static or
dynamic) to set up the VPN tunnel.
The ZyWALL cannot find a phase 2 SA that corresponds with the
SPI of an inbound packet (from the peer); the packet is dropped.
The packet matches the rule index number (#d), but Phase 1 or
Phase 2 negotiation for outbound (from the VPN initiator) traffic is
not finished yet.
If the ZyWALL receives a packet with the wrong sequence number
it will discard it.
The authentication configuration settings are incorrect. Please
check them.
The decryption configuration settings are incorrect. Please check
them.
If an SA has no packets transmitted for a period of time
(configurable via CI command), the ZyWALL drops the connection.
ZyWALL 10~100 Series Internet Security Gateway
DESCRIPTION
The IP address type or IP address of an incoming
packet does not match the peer IP address type or IP
address configured on the local router. The log
displays this router's configured local IP address type
or IP address that the incoming packet did not match.
The router sent a payload type of IKE packet.
The parameters configured for Phase 1 ID content do
not match or the parameters configured for the Phase
2 ID (IP address of single, range or subnet) do not
match. Please check all protocols and settings for
these phases.
DESCRIPTION
13-15
Advertisement
Table of Contents
