Chapter 32 Logs Screens
ZyWALL 5/35/70 Series User’s Guide
571
Table 187 IPSec Logs
LOG MESSAGE DESCRIPTION
Discard REPLAY packet The router received and discarded a packet with an incorrect
sequence number.
Inbound packet
authentication failed
The router received a packet that has been altered. A third party
may have altered or tampered with the packet.
Receive IPSec packet,
but no corresponding
tunnel exists
The router dropped an inbound packet for which SPI could not find a
corresponding phase 2 SA.
Rule <%d> idle time
out, disconnect
The router dropped a connection that had outbound traffic and no
inbound traffic for a certain time period. You can use the "ipsec
timer chk_conn" CI command to set the time period. The default
value is 2 minutes.
WAN IP changed to <IP> The router dropped all connections with the “MyIP” configured as
“0.0.0.0” when the WAN IP address changed.
Inbound packet
decryption failed
Please check the algorithm configuration.
Cannot find outbound SA
for rule <%d>
A packet matches a rule, but there is no phase 2 SA for outbound
traffic.
Rule [%s] sends an echo
request to peer
The device sent a ping packet to check the specified VPN tunnel's
connectivity.
Rule [%s] receives an
echo reply from peer
The device received a ping response when checking the specified
VPN tunnel's connectivity.
Delete all tunnels All IPSec tunnels are disconnected. See the CLI Reference Guide
for information on how to do this.
Table 188 IKE Logs
LOG MESSAGE DESCRIPTION
Active connection allowed
exceeded
The IKE process for a new connection failed because the limit
of simultaneous phase 2 SAs has been reached.
Start Phase 2: Quick Mode Phase 2 Quick Mode has started.
Verifying Remote ID failed: The connection failed during IKE phase 2 because the router
and the peer’s Local/Remote Addresses don’t match.
Verifying Local ID failed: The connection failed during IKE phase 2 because the router
and the peer’s Local/Remote Addresses don’t match.
IKE Packet Retransmit The router retransmitted the last packet sent because there
was no response from the peer.
Failed to send IKE Packet An Ethernet error stopped the router from sending IKE
packets.
Too many errors! Deleting SA An SA was deleted because there were too many errors.
Phase 1 IKE SA process done The phase 1 IKE SA process has been completed.
Duplicate requests with the
same cookie
The router received multiple requests from the same peer
while still processing the first IKE packet from the peer.
IKE Negotiation is in
process
The router has already started negotiating with the peer for
the connection, but the IKE process has not finished yet.
To Next Page
Loading...
