Filter
Top Products
Chapter 21 Logs
NBG-460N User’s Guide
281
Receive IPSec packet,
but no corresponding
tunnel exists
The router dropped an inbound packet for which SPI could
not find a corresponding phase 2 SA.
Rule <%d> idle time
out, disconnect
The router dropped a connection that had outbound traffic
and no inbound traffic for a certain time period. You can use
the "ipsec timer chk_conn" CI command to set the time
period. The default value is 2 minutes.
WAN IP changed to <IP> The router dropped all connections with the “MyIP”
configured as “0.0.0.0” when the WAN IP address changed.
Table 104 IKE Logs
LOG MESSAGE DESCRIPTION
Active connection allowed
exceeded
The IKE process for a new connection failed because
the limit of simultaneous phase 2 SAs has been
reached.
Start Phase 2: Quick Mode Phase 2 Quick Mode has started.
Verifying Remote ID failed: The connection failed during IKE phase 2 because the
router and the peer’s Local/Remote Addresses don’t
match.
Verifying Local ID failed: The connection failed during IKE phase 2 because the
router and the peer’s Local/Remote Addresses don’t
match.
IKE Packet Retransmit The router retransmitted the last packet sent because
there was no response from the peer.
Failed to send IKE Packet An Ethernet error stopped the router from sending
IKE packets.
Too many errors! Deleting SA An SA was deleted because there were too many
errors.
Phase 1 IKE SA process done The phase 1 IKE SA process has been completed.
Duplicate requests with the
same cookie
The router received multiple requests from the same
peer while still processing the first IKE packet from
the peer.
IKE Negotiation is in
process
The router has already started negotiating with the
peer for the connection, but the IKE process has not
finished yet.
No proposal chosen Phase 1 or phase 2 parameters don’t match. Please
check all protocols / settings. Ex. One device being
configured for 3DES and the other being configured
for DES causes the connection to fail.
Local / remote IPs of
incoming request conflict
with rule <%d>
The security gateway is set to “0.0.0.0” and the
router used the peer’s “Local Address” as the router’s
“Remote Address”. This information conflicted with
static rule #d; thus the connection is not allowed.
Cannot resolve Secure
Gateway Addr for rule <%d>
The router couldn’t resolve the IP address from the
domain name that was used for the secure gateway
address.
Table 103 IPSec Logs (continued)
LOG MESSAGE DESCRIPTION