ZyXEL Communications ZYWALL 35 User Manual page 563

Table 188 IKE Logs (continued)
LOG MESSAGE
Phase 1 IKE SA process done
Duplicate requests with the
same cookie
IKE Negotiation is in
process
No proposal chosen
Local / remote IPs of
incoming request conflict
with rule <%d>
Cannot resolve Secure
Gateway Addr for rule <%d>
Peer ID: <peer id> <My remote
type> -<My local type>
vs. My Remote <My remote> -
<My remote>
vs. My Local <My local>-<My
local>
Send <packet>
Recv <packet>
Recv <Main or Aggressive>
Mode request from <IP>
Send <Main or Aggressive>
Mode request to <IP>
Invalid IP <Peer local> /
<Peer local>
Remote IP <Remote IP> /
<Remote IP> conflicts
Phase 1 ID type mismatch
Phase 1 ID content mismatch
No known phase 1 ID type
found
ID type mismatch. Local /
Peer: <Local ID type/Peer ID
type>
ID content mismatch
Configured Peer ID Content:
<Configured Peer ID Content>
ZyWALL 5/35/70 Series User's Guide
DESCRIPTION
The phase 1 IKE SA process has been completed.
The router received multiple requests from the same peer
while still processing the first IKE packet from the peer.
The router has already started negotiating with the peer for
the connection, but the IKE process has not finished yet.
Phase 1 or phase 2 parameters don't match. Please check all
protocols / settings. Ex. One device being configured for
3DES and the other being configured for DES causes the
connection to fail.
The security gateway is set to "0.0.0.0" and the router used
the peer's "Local Address" as the router's "Remote Address".
This information conflicted with static rule #d; thus the
connection is not allowed.
The router couldn't resolve the IP address from the domain
name that was used for the secure gateway address.
The displayed ID information did not match between the two
ends of the connection.
The displayed ID information did not match between the two
ends of the connection.
The displayed ID information did not match between the two
ends of the connection.
A packet was sent.
IKE uses ISAKMP to transmit data. Each ISAKMP packet
contains many different types of payloads. All of them show in
the LOG. Refer to RFC2408 – ISAKMP for a list of all
ISAKMP payload types.
The router received an IKE negotiation request from the peer
address specified.
The router started negotiation with the peer.
The peer's "Local IP Address" is invalid.
The security gateway is set to "0.0.0.0" and the router used
the peer's "Local Address" as the router's "Remote Address".
This information conflicted with static rule #d; thus the
connection is not allowed.
This router's "Peer ID Type" is different from the peer IPSec
router's "Local ID Type".
This router's "Peer ID Content" is different from the peer
IPSec router's "Local ID Content".
The router could not find a known phase 1 ID in the
connection attempt.
The phase 1 ID types do not match.
The phase 1 ID contents do not match.
The phase 1 ID contents do not match and the configured
"Peer ID Content" is displayed.
Chapter 31 Logs Screens
563