Figure 474 Ike/Ipsec Debug Example - ZyXEL Communications 35 Series User Manual

Internet security appliance

IPSec Debug
If you are having difficulty building an IPSec tunnel to a non-ZyXEL IPSec router, advanced
users may wish to examine the IPSec debug feature (Menu 24.8).
Note: If any of your VPN rules have an active network policy set to nailed-up, using
the IPSec debug feature may cause the ZyWALL to continuously display new
information. Type ipsec debug level 0 and press [ENTER] to stop it.

Figure 474 IKE/IPSec Debug Example

ras> ipsec debug
type          level         display
ras> ipsec debug type
<0:Disable | 1:Original on|off | 2:IKE on|off | 3: IPSec [SPI]|on|off |
4:XAUTH on|off | 5:CERT on|off | 6: All>
ras> ipsec debug level
<0:None | 1:User | 2:Low | 3:High>
ras> ipsec debug type 1 on
ras> ipsec debug type 2 on
ras> ipsec debug level 3
ras> ipsec dial 1
get_ipsec_sa_by_policyIndex():
Start dialing for tunnel <rule# 1>...
ikeStartNegotiate(): saIndex<0>
peerIp<5.1.2.3> protocol: <IPSEC_ESP>(3)
peer Ip <5.1.2.3> initiator(): type<IPSEC_ESP>, exch<Main>
initiator :
protocol: IPSEC_ESP, exchange mode: Main mode
find_ipsec_sa(): find ipsec saNot found
Not found
isadb_is_outstanding_req(): isakmp is outstanding req : SA not found
isadb_create_entry(): >> INITIATOR
isadb_get_entry_by_addr():
Get IKE entry by address:
SA not found
SA not found
ISAKMP SA created for peer <BRANCH> size<900>
ISAKMP SA created for peer <BRANCH> size<900>
ISAKMP SA built,
ikePeer.s0
ISAKMP SA built, index = 0isadb_create_entry(): done
create IKE entry doneinitiator(): find myIpAddr = 0.0.0.0, use
<5.6.7.8> r

Appendix K VPN Setup
ZyWALL 5/35/70 Series User's Guide
