ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
C-16 System Logs and Error Messages
v1.0, April 2010
SSL VPN Logs
This section describes the log messages that are generated by SSL VPN policies.
Table C-23. System Logs: IPsec VPN Tunnel, Client Policy Behind a NAT Device
Message 3
Message 6
2000 Jan 1 01:54:21 [SRX5308] [IKE] Floating ports for NAT-T with peer
20.0.0.1[4500]_
2000 Jan 1 01:54:21 [SRX5308] [IKE] NAT-D payload matches for
20.0.0.2[4500]_
2000 Jan 1 01:54:21 [SRX5308] [IKE] NAT-D payload does not match for
20.0.0.1[4500]_
2000 Jan 1 01:54:21 [SRX5308] [IKE] Ignore REPLAY-STATUS notification
from 20.0.0.1[4500]._
2000 Jan 1 01:54:21 [SRX5308] [IKE] Ignore INITIAL-CONTACT notification
from 20.0.0.1[4500] because it is only accepted after phase 1._
2000 Jan 1 01:54:21 [SRX5308] [IKE] NAT detected: Peer is behind a NAT
device_
Explanation These logs are generated when the remote WAN host is connected through a
device such as the VPN firewall. NAT is detected before phase 1 is established.
Message 3: NAT-D does not match the remote host.
Message 6: The VPN firewall confirms that the remote host or the peer is
behind a NAT device.
Recommended Action None
Table C-24. System Logs: SSL VPN Tunnel, WAN Host and Interface
Message 2000 Jan 1 03:44:55 [SRX5308] [sslvpntunnel]
id=SRX5308 time="2000-1-1 3:44:55" fw=20.0.0.2 pri=6 rule=access-policy
proto="SSL VPN Tunnel" src=20.0.0.1 user=sai dst=20.0.0.2 arg="" op="" result=""
rcvd="" msg="SSL VPN Tunnel"
Explanation A SSL VPN tunnel is established for ID SRX5308 with the WAN host 20.0.0.1
through WAN interface 20.0.0.2 and logged in with the username “sai.”
Recommended Action None
To Next Page
Loading...
