ZyXEL Communications ZyWALL 5 User Manual page 650

ZyWALL 5 User's Guide
Table 48 IKE Logs (continued)
| LOG MESSAGE | DESCRIPTION |
|---|---|
| Recv <packet> | IKE uses ISAKMP to transmit data. Each ISAKMP packet contains many different types of payloads. All of them show in the LOG. Refer to RFC2408 – ISAKMP for a list of all ISAKMP payload types. |
| Recv <Main or Aggressive> Mode request from <IP> | The router received an IKE negotiation request from the peer address specified. |
| Send <Main or Aggressive> Mode request to <IP> | The router started negotiation with the peer. |
| Invalid IP <Peer local> / <Peer local> | The peer's "Local IP Address" is invalid. |
| Remote IP <Remote IP> / <Remote IP> conflicts | The security gateway is set to "0.0.0.0" and the router used the peer's "Local Address" as the router's "Remote Address". This information conflicted with static rule #d; thus the connection is not allowed. |
| Phase 1 ID type mismatch | This router's "Peer ID Type" is different from the peer IPSec router's "Local ID Type". |
| Phase 1 ID content mismatch | This router's "Peer ID Content" is different from the peer IPSec router's "Local ID Content". |
| No known phase 1 ID type found | The router could not find a known phase 1 ID in the connection attempt. |
| ID type mismatch. Local / Peer: <Local ID type/Peer ID type> | The phase 1 ID types do not match. |
| ID content mismatch | The phase 1 ID contents do not match. |
| Configured Peer ID Content: <Configured Peer ID Content> | The phase 1 ID contents do not match and the configured "Peer ID Content" is displayed. |
| Incoming ID Content: <Incoming Peer ID Content> | The phase 1 ID contents do not match and the incoming packet's ID content is displayed. |
| Unsupported local ID Type: <%d> | The phase 1 ID type is not supported by the router. |
| Build Phase 1 ID | The router has started to build the phase 1 ID. |
| Adjust TCP MSS to %d | The router automatically changed the TCP Maximum Segment Size value after establishing a tunnel. |
| Rule <%d> input idle time out, disconnect | The tunnel for the listed rule was dropped because there was no inbound traffic within the idle timeout period. |
| XAUTH succeed! Username: <Username> | The router used extended authentication to authenticate the listed username. |
| XAUTH fail! Username: <Username> | The router was not able to use extended authentication to authenticate the listed username. |
| Rule[%d] Phase 1 negotiation mode mismatch | The listed rule's IKE phase 1 negotiation mode did not match between the router and the peer. |
| Rule [%d] Phase 1 encryption algorithm mismatch | The listed rule's IKE phase 1 encryption algorithm did not match between the router and the peer. |
| Rule [%d] Phase 1 authentication algorithm mismatch | The listed rule's IKE phase 1 authentication algorithm did not match between the router and the peer. |
Appendix Q Log Descriptions
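
The message templates in Table 48 can be matched mechanically when reviewing exported logs. The following Python is an added example, not part of the ZyXEL manual or firmware: it classifies message text against the table's templates and lists usernames with repeated XAUTH failures. The sample lines, the optional-bracket handling of placeholder values, and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Regexes derived from the message templates in Table 48. Assumption: the
# device may print placeholder values with or without their <> or [] brackets.
PATTERNS = [
    ("xauth_fail", re.compile(r"XAUTH fail! Username:\s*<?(?P<user>[^<>\s]+)")),
    ("xauth_ok", re.compile(r"XAUTH succeed! Username:\s*<?(?P<user>[^<>\s]+)")),
    ("proposal_mismatch", re.compile(
        r"Rule\s*[\[<]?(?P<rule>\d+)[\]>]?\s+Phase 1 (?P<item>negotiation mode|"
        r"encryption algorithm|authentication algorithm) mismatch")),
    ("id_mismatch", re.compile(r"ID (?P<item>type|content) mismatch")),
    ("idle_timeout", re.compile(r"Rule\s*[\[<]?(?P<rule>\d+)[\]>]?\s+input idle time out")),
]


def classify(line):
    """Return (category, fields) for a known IKE message, else None."""
    for name, rx in PATTERNS:
        m = rx.search(line)
        if m:
            return name, m.groupdict()
    return None


def triage(lines, xauth_threshold=3):
    """Count categories and list usernames with repeated XAUTH failures."""
    categories, failures = Counter(), Counter()
    for name, fields in filter(None, map(classify, lines)):
        categories[name] += 1
        if name == "xauth_fail":
            failures[fields["user"]] += 1
    flagged = sorted(u for u, n in failures.items() if n >= xauth_threshold)
    return categories, flagged

# Constructed sample messages (not captured from a device).
SAMPLE = [
    "Recv Main Mode request from 192.0.2.10",
    "XAUTH fail! Username: alice",
    "XAUTH fail! Username: <alice>",
    "XAUTH fail! Username: alice",
    "XAUTH succeed! Username: bob",
    "Rule [2] Phase 1 encryption algorithm mismatch",
    "Phase 1 ID content mismatch",
    "Rule <1> input idle time out, disconnect",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Informational messages such as "Recv ... Mode request" are left unclassified, so the counts reflect only failures, mismatches, timeouts and XAUTH outcomes.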
