Prestige 652 ADSL Security Router
The following figure shows a typical log from the VPN connection peer.
Index:  Date/Time:        Log:
------------------------------------------------------------
001     01 Jan 08:08:07   Recv Main Mode request from <192.168.100.100>
002     01 Jan 08:08:07   Recv:<SA>
003     01 Jan 08:08:08   Send:<SA>
004     01 Jan 08:08:08   Recv:<KE><NONCE>
005     01 Jan 08:08:10   Send:<KE><NONCE>
006     01 Jan 08:08:10   Recv:<ID><HASH>
007     01 Jan 08:08:10   Send:<ID><HASH>
008     01 Jan 08:08:10   Phase 1 IKE SA process done
009     01 Jan 08:08:10   Recv:<HASH><SA><NONCE><ID><ID>
010     01 Jan 08:08:10   Start Phase 2: Quick Mode
011     01 Jan 08:08:10   Send:<HASH><SA><NONCE><ID><ID>
012     01 Jan 08:08:10   Recv:<HASH>
Clear IPSec Log (y/n):

Figure 27-2 Example VPN Responder IPSec Log

This menu is useful for troubleshooting. A log index number, the date and time the log was created and a log
message are displayed.
Double exclamation marks (!!) denote an error or warning message.
The following table shows sample log messages during IKE key exchange.

Table 27-1 Sample IKE Key Exchange Logs

LOG MESSAGE                              DESCRIPTION

Cannot find outbound SA for rule <#d>    The packet matches the rule index number (#d), but
                                         Phase 1 or Phase 2 negotiation for outbound (from the
                                         VPN initiator) traffic is not finished yet.

Send Main Mode request to <IP>           The Prestige has started negotiation with the peer.
Send Aggressive Mode request to <IP>

Recv Main Mode request from <IP>         The Prestige has received an IKE negotiation request
Recv Aggressive Mode request from <IP>   from the peer.

Send:<Symbol><Symbol>                    IKE uses the ISAKMP protocol (refer to RFC2408 –
Recv:<Symbol><Symbol>                    ISAKMP) to transmit data. Each ISAKMP packet
                                         contains payloads of different types that show in the
                                         log - see Table 27-3.

Phase 1 IKE SA process done              Phase 1 negotiation is finished.
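
The following Python parser is an added example, not part of the original manual. It splits entries laid out as in Figure 27-2 into index, time and message, extracts the ISAKMP payload names from Send:/Recv: entries, and reports how far the negotiation got and which entries carry the !! marker. The function names, the whitespace-separated line layout and entry 013 (a constructed !! entry) are assumptions.

```python
import re

# Assumed layout, following Figure 27-2: index, "DD Mon HH:MM:SS", message.
LINE_RE = re.compile(r"^(\d{3})\s+(\d{2} \w{3} \d{2}:\d{2}:\d{2})\s+(.+)$")
PAYLOAD_RE = re.compile(r"^(Send|Recv):((?:<[A-Z]+>)+)$")
PHASE1_DONE = "Phase 1 IKE SA process done"

# Entries 001-012 are those of Figure 27-2. Entry 013 is constructed to exercise
# the "!!" check; its time, rule number and marker position are assumptions.
SAMPLE_LOG = """\
001 01 Jan 08:08:07 Recv Main Mode request from <192.168.100.100>
002 01 Jan 08:08:07 Recv:<SA>
003 01 Jan 08:08:08 Send:<SA>
004 01 Jan 08:08:08 Recv:<KE><NONCE>
005 01 Jan 08:08:10 Send:<KE><NONCE>
006 01 Jan 08:08:10 Recv:<ID><HASH>
007 01 Jan 08:08:10 Send:<ID><HASH>
008 01 Jan 08:08:10 Phase 1 IKE SA process done
009 01 Jan 08:08:10 Recv:<HASH><SA><NONCE><ID><ID>
010 01 Jan 08:08:10 Start Phase 2: Quick Mode
011 01 Jan 08:08:10 Send:<HASH><SA><NONCE><ID><ID>
012 01 Jan 08:08:10 Recv:<HASH>
013 01 Jan 08:09:30 !! Cannot find outbound SA for rule <1>
"""

def parse_log(text):
    """Split each log line into index, time, message and ISAKMP payloads."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, separator or the "Clear IPSec Log" prompt
        index, stamp, msg = m.groups()
        p = PAYLOAD_RE.match(msg)
        entries.append({
            "index": int(index), "time": stamp, "message": msg,
            "flagged": "!!" in msg,  # error or warning entry
            "direction": p.group(1) if p else None,
            "payloads": re.findall(r"<([A-Z]+)>", p.group(2)) if p else [],
        })
    return entries

def _exchange(part):
    return [(e["direction"], e["payloads"]) for e in part if e["direction"]]

def summarize(entries):
    """Report how far the negotiation got and which entries are flagged."""
    msgs = [e["message"] for e in entries]
    cut = msgs.index(PHASE1_DONE) if PHASE1_DONE in msgs else len(msgs)
    return {"phase1_done": PHASE1_DONE in msgs, "phase1": _exchange(entries[:cut]),
            "phase2": _exchange(entries[cut:]),
            "flagged": [e["index"] for e in entries if e["flagged"]]}
```

A log whose summary shows phase1_done as False, or a phase1 list that stops before the <ID><HASH> pair, marks the step at which the key exchange stalled.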