Figure 410 Ike/Ipsec Debug Example - ZyXEL Communications ZyWall 35 User Manual

Internet security appliance

Hide thumbs Also See for ZyWall 35:

Table of Contents

If you are having difficulty building an IPSec tunnel to a non-ZyXEL IPSec router, advanced

users may wish to examine the IPSec debug feature (Menu 24.8).

Figure 410 IKE/IPSec Debug Example

ras> ipsec debug

ras> ipsec debug type

<0:Disable | 1:Original on|off | 2:IKE on|off | 3: IPSec [SPI]|on|off |

4:XAUTH on|off | 5:CERT on|off | 6: All>

ras> ipsec debug level

<0:None | 1:User | 2:Low | 3:High>

ras> ipsec debug type 1 on

ras> ipsec debug type 2 on

ras> ipsec debug level 3

ras> ipsec dial 1

Start dialing for tunnel <rule# 1>...

ikeStartNegotiate(): saIndex<0>

peerIp<xxx.xxx.xxx.xxx> protocol: <NONE>(0)

peer Ip <xxx.xxx.xxx.xxx> initiator(): type<IPSEC_ESP>, exch<Main>

protocol: IPSEC_ESP, exchange mode: Main mode

find ipsec saNot found

Send event to LBN task for DH processLBN task proc event <DH param req>

Main Mode processing done successfully, state=MM wait DH param.

LBN task proc event <DH param req>genDHParameters(): dh_len=96

gen DH Parameters : dh_len=96

GenRand: A(secret_val) done

Tunnel built successfully!!!

Appendix K VPN Setup

isadb_is_outstanding_req():

lbnTwoExpMod(): elen=48, mlen=48

find_ipsec_sa():

GenRand: A(secret_val)

ZyWALL 35 User's Guide