Table of Contents
Advertisement
ZyWALL 10/10 II/50 Internet Security Gateway
LOG MESSAGE
!! IKE Packet Retransmit
!! Failed to send IKE Packet
!! Too many errors! Deleting SA
The following table shows sample log messages during packet transmission.
Table 28-2 Sample IPSec Logs During Packet Transmission
LOG MESSAGE
!! WAN IP changed to <IP>
!! Cannot find Phase 2 SA
!! Discard REPLAY packet
!! Inbound packet
authentication failed
!! Inbound packet decryption
failed
Rule <#d> idle time out,
disconnect
The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC
for detailed information on each type.
28-4
Table 28-1 Sample IKE Key Exchange Logs
If the ZyWALL's WAN IP changes, all configured "My IP Addr" are
changed to b "0.0.0.0".. If this field is configured as 0.0.0.0, then
the ZyWALL will use the current ZyWALL WAN IP address (static
or dynamic) to set up the VPN tunnel.
The ZyWALL cannot find a phase 2 SA that corresponds with the
SPI of an inbound packet (from the peer); the packet is dropped.
If the ZyWALL receives a packet with the wrong sequence number
it will discard it.
The authentication configuration settings are incorrect. Please
check them.
The decryption configuration settings are incorrect. Please check
them.
If an SA has no packets transmitted for a period of time
(configurable via CI command), the ZyWALL drops the connection.
Table 28-3 RFC-2408 ISAKMP Payload Types
LOG DISPLAY
SA
PROP
The ZyWALL did not receive a response from the peer
and so retransmits the last packet sent.
The ZyWALL cannot send IKE packets due to a
network error.
The ZyWALL deletes an SA when too many errors
occur.
DESCRIPTION
PAYLOAD TYPE
Security Association
Proposal
DESCRIPTION
IPSec Log
Advertisement
Table of Contents
Troubleshooting
