Table 261 Ike Logs - ZyXEL Communications ZyWall 70 User Manual
Internet security appliance
Hide thumbs
Also See for ZyWall 70:
- Quick start manual (141 pages) ,
- Brochure & specs (2 pages) ,
- User manual (872 pages)
Table of Contents
Advertisement
Table 260 IPSec Logs (continued)
LOG MESSAGE
Rule <%d> idle time out,
disconnect
WAN IP changed to <IP>
Inbound packet decryption failed Please check the algorithm configuration.
Cannot find outbound SA for
rule <%d>
Rule [%s] sends an echo
request to peer
Rule [%s] receives an echo
reply from peer
Table 261 IKE Logs
LOG MESSAGE
Active connection allowed
exceeded
Start Phase 2: Quick Mode
Verifying Remote ID failed:
Verifying Local ID failed:
IKE Packet Retransmit
Failed to send IKE Packet
Too many errors! Deleting SA
Phase 1 IKE SA process done
Duplicate requests with the
same cookie
IKE Negotiation is in process The router has already started negotiating with the peer for
No proposal chosen
Local / remote IPs of
incoming request conflict
with rule <%d>
Cannot resolve Secure Gateway
Addr for rule <%d>
Appendix R Log Descriptions
DESCRIPTION
The router dropped a connection that had outbound traffic and no
inbound traffic for a certain time period. You can use the "ipsec timer
chk_conn" CI command to set the time period. The default value is 2
minutes.
The router dropped all connections with the "MyIP" configured as
"0.0.0.0" when the WAN IP address changed.
A packet matches a rule, but there is no phase 2 SA for outbound
traffic.
The device sent a ping packet to check the specified VPN tunnel's
connectivity.
The device received a ping response when checking the specified
VPN tunnel's connectivity.
DESCRIPTION
The IKE process for a new connection failed because the limit
of simultaneous phase 2 SAs has been reached.
Phase 2 Quick Mode has started.
The connection failed during IKE phase 2 because the router
and the peer's Local/Remote Addresses don't match.
The connection failed during IKE phase 2 because the router
and the peer's Local/Remote Addresses don't match.
The router retransmitted the last packet sent because there
was no response from the peer.
An Ethernet error stopped the router from sending IKE
packets.
An SA was deleted because there were too many errors.
The phase 1 IKE SA process has been completed.
The router received multiple requests from the same peer
while still processing the first IKE packet from the peer.
the connection, but the IKE process has not finished yet.
Phase 1 or phase 2 parameters don't match. Please check all
protocols / settings. Ex. One device being configured for
3DES and the other being configured for DES causes the
connection to fail.
The security gateway is set to "0.0.0.0" and the router used
the peer's "Local Address" as the router's "Remote Address".
This information conflicted with static rule #d; thus the
connection is not allowed.
The router couldn't resolve the IP address from the domain
name that was used for the secure gateway address.
ZyWALL 70 User's Guide
685
Advertisement
Table of Contents
Troubleshooting
