ZyWALL 35 User's Guide
VPN Log
The system log can often help to identify a configuration problem.
Enable IKE & IPSec logging via the web configurator at both ends, clear the log and then
build the tunnel.
View the log via the web configurator or type 'sys log disp' from SMT Menu 24.8. See
Appendix S Boot Commands
Figure 409 VPN Log Example
zw5> sys log disp ike ipsec
#
.time
message
0|09/21/2004 05:45:08 |172.21.3.43
Rule [1] Tunnel built successfully
1|09/21/2004 05:45:08 |172.21.3.43
Send:[HASH]
2|09/21/2004 05:45:08 |172.21.3.43
Adjust TCP MSS to 1398
3|09/21/2004 05:45:07 |172.21.3.185
Recv:[HASH][SA][NONCE][ID][ID]
4|09/21/2004 05:45:07 |172.21.3.43
Send:[HASH][SA][NONCE][ID][ID]
5|09/21/2004 05:45:07 |172.21.3.43
Start Phase 2: Quick Mode
6|09/21/2004 05:45:07 |172.21.3.43
Phase 1 IKE SA process done
7|09/21/2004 05:45:07 |172.21.3.185
Recv:[ID][HASH][NOTFY:INIT_CONTACT]
8|09/21/2004 05:45:07 |172.21.3.43
Send:[ID][HASH][NOTFY:INIT_CONTACT]
9|09/21/2004 05:45:07 |172.21.3.185
Recv:[KE][NONCE]
10|09/21/2004 05:45:07 |172.21.3.43
Send:[KE][NONCE]
11|09/21/2004 05:45:07 |172.21.3.185
638
for information on the log messages.
source
destination
|172.21.3.185
|172.21.3.185
|172.21.3.185
|172.21.3.43
|172.21.3.185
|172.21.3.185
|172.21.3.185
|172.21.3.43
|172.21.3.185
|172.21.3.43
|172.21.3.185
|172.21.3.43
Appendix K VPN Setup
notes
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE