Filter
Top Products
ZyWALL 10~100 Series Internet Security Gateway
Log Descriptions 13-15
Chart 13-10 Sample IKE Key Exchange Logs
LOG MESSAGE DESCRIPTION
vs. My Local <IP address>
The IP address type or IP address of an incoming
packet does not match the peer IP address type or IP
address configured on the local router. The log
displays this router’s configured local IP address type
or IP address that the incoming packet did not match.
-> <symbol>
The router sent a payload type of IKE packet.
Error ID Info
The parameters configured for Phase 1 ID content do
not match or the parameters configured for the Phase
2 ID (IP address of single, range or subnet) do not
match. Please check all protocols and settings for
these phases.
The following table shows sample log messages during packet transmission.
Chart 13-11 Sample IPSec Logs During Packet Transmission
LOG MESSAGE DESCRIPTION
!! WAN IP changed to <IP>
If the ZyWALL’s WAN IP changes, all configured “My IP Addr” are
changed to b “0.0.0.0”. If this field is configured as 0.0.0.0, then the
ZyWALL will use the current ZyWALL WAN IP address (static or
dynamic) to set up the VPN tunnel.
!! Cannot find IPSec SA
The ZyWALL cannot find a phase 2 SA that corresponds with the
SPI of an inbound packet (from the peer); the packet is dropped.
!! Cannot find outbound SA
for rule <%d>
The packet matches the rule index number (#d), but Phase 1 or
Phase 2 negotiation for outbound (from the VPN initiator) traffic is
not finished yet.
!! Discard REPLAY packet
If the ZyWALL receives a packet with the wrong sequence number
it will discard it.
!! Inbound packet
authentication failed
The authentication configuration settings are incorrect. Please
check them.
!! Inbound packet
decryption failed
The decryption configuration settings are incorrect. Please check
them.
Rule <#d> idle time out,
disconnect
If an SA has no packets transmitted for a period of time
(configurable via CI command), the ZyWALL drops the connection.