ZyWALL P1 User's Guide
VPN Log
The system log can often help to identify a configuration problem.
Enable IKE & IPSec logging via the web configurator at both ends, clear the log and then
build the tunnel.
View the log via the web configurator or type 'sys log disp' from CLI. See
page 347
for information on the log messages.
Figure 184 VPN Log Example
zw5> sys log disp ike ipsec
#
.time
message
0|09/21/2004 05:45:08 |172.21.3.43
Rule [1] Tunnel built successfully
1|09/21/2004 05:45:08 |172.21.3.43
Send:[HASH]
2|09/21/2004 05:45:08 |172.21.3.43
Adjust TCP MSS to 1398
3|09/21/2004 05:45:07 |172.21.3.185
Recv:[HASH][SA][NONCE][ID][ID]
4|09/21/2004 05:45:07 |172.21.3.43
Send:[HASH][SA][NONCE][ID][ID]
5|09/21/2004 05:45:07 |172.21.3.43
Start Phase 2: Quick Mode
6|09/21/2004 05:45:07 |172.21.3.43
Phase 1 IKE SA process done
7|09/21/2004 05:45:07 |172.21.3.185
Recv:[ID][HASH][NOTFY:INIT_CONTACT]
8|09/21/2004 05:45:07 |172.21.3.43
Send:[ID][HASH][NOTFY:INIT_CONTACT]
9|09/21/2004 05:45:07 |172.21.3.185
Recv:[KE][NONCE]
10|09/21/2004 05:45:07 |172.21.3.43
Send:[KE][NONCE]
11|09/21/2004 05:45:07 |172.21.3.185
314
source
Appendix N on
destination
|172.21.3.185
|172.21.3.185
|172.21.3.185
|172.21.3.43
|172.21.3.185
|172.21.3.185
|172.21.3.185
|172.21.3.43
|172.21.3.185
|172.21.3.43
|172.21.3.185
|172.21.3.43
Appendix G VPN Setup
notes
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE
|IKE