Table of Contents
Advertisement
Prestige 652 ADSL Security Router
The following table shows sample log messages during packet transmission.
Table 27-2 Sample IPSec Logs During Packet Transmission
LOG MESSAGE
!! WAN IP changed to <IP>
!! Cannot find Phase 2 SA
!! Discard REPLAY packet
!! Inbound packet
authentication failed
!! Inbound packet decryption
failed
Rule <#d> idle time out,
disconnect
The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC
for detailed information on each type.
27-4
If the Prestige's WAN IP changes, all configured "My IP Addr" are
changed to b "0.0.0.0".. If this field is configured as 0.0.0.0, then
the Prestige will use the current Prestige WAN IP address (static or
dynamic) to set up the VPN tunnel.
The Prestige cannot find a phase 2 SA that corresponds with the
SPI of an inbound packet (from the peer); the packet is dropped.
If the Prestige receives a packet with the wrong sequence number
it will discard it.
The authentication configuration settings are incorrect. Please
check them.
The decryption configuration settings are incorrect. Please check
them.
If an SA has no packets transmitted for a period of time
(configurable via CI command), the Prestige drops the connection.
Table 27-3 RFC-2408 ISAKMP Payload Types
LOG DISPLAY
SA
PROP
TRANS
KE
ID
CER
CER_REQ
HASH
SIG
DESCRIPTION
PAYLOAD TYPE
Security Association
Proposal
Transform
Key Exchange
Identification
Certificate
Certificate Request
Hash
Signature
IPSec Log
Advertisement
Table of Contents
Troubleshooting
