System Logs and Error Messages
433
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
SSL VPN Logs
This section describes the log messages that are generated by SSL VPN policies.
Table 127. System logs: IPSec VPN tunnel, client policy behind a NAT device
Message 3
Message 6
2000 Jan 1 01:54:21 [SRX5308] [IKE] Floating ports for NAT-T with peer
20.0.0.1[4500]_
2000 Jan 1 01:54:21 [SRX5308] [IKE] NAT-D payload matches for
20.0.0.2[4500]_
2000 Jan 1 01:54:21 [SRX5308] [IKE] NAT-D payload does not match for
20.0.0.1[4500]_
2000 Jan 1 01:54:21 [SRX5308] [IKE] Ignore REPLAY-STATUS notification
from 20.0.0.1[4500]._
2000 Jan 1 01:54:21 [SRX5308] [IKE] Ignore INITIAL-CONTACT notification
from 20.0.0.1[4500] because it is only accepted after phase 1._
2000 Jan 1 01:54:21 [SRX5308] [IKE] NAT detected: Peer is behind a NAT
device_
Explanation These logs are generated when the remote WAN host is connected through a
device such as the VPN firewall. NAT is detected before phase 1 is established.
Message 3: NAT-D does not match the remote host.
Message 6: The VPN firewall confirms that the remote host or the peer is
behind a NAT device.
Recommended action None
Table 128. System logs: SSL VPN tunnel, WAN host and interface
Message 2000 Jan 1 03:44:55 [SRX5308] [sslvpntunnel]
id=SRX5308 time="2000-1-1 3:44:55" fw=20.0.0.2 pri=6 rule=access-policy proto=
"SSL VPN Tunnel" src=20.0.0.1 user=sai dst=20.0.0.2 arg="" op="" result="" rcvd=
"" msg="SSL VPN Tunnel"
Explanation A SSL VPN tunnel is established for ID SRX5308 with the WAN host 20.0.0.1
through WAN interface 20.0.0.2 and logged in with the user name “sai.”
Recommended action None
Table 129. System logs: VPN log messages, port forwarding, WAN host and interface
Message 2000 Jan 1 01:30:08 [SRX5308] [portforwarding]
id=SRX5308 time="2000-1-1 1:30: 8" fw=20.0.0.2 pri=6 rule=access-policy proto=
"Port Forwarding" src=20.0.0.1 user=sai dst=20.0.0.2 arg="" op="" result="" rcvd=""
msg="Port Forwarding"
Explanation A SSL VPN tunnel through port forwarding is established for ID SRX5308 with the
WAN host 20.0.0.1 through WAN interface 20.0.0.2 and logged in with the user
name “sai.”
Recommended action None