Appendix L Log Descriptions
P-662H/HW-D Series User’s Guide
465
Table 195 IKE Logs
LOG MESSAGE DESCRIPTION
Active connection allowed
exceeded
The IKE process for a new connection failed because the limit
of simultaneous phase 2 SAs has been reached.
Start Phase 2: Quick Mode Phase 2 Quick Mode has started.
Verifying Remote ID failed: The connection failed during IKE phase 2 because the router
and the peer’s Local/Remote Addresses don’t match.
Verifying Local ID failed: The connection failed during IKE phase 2 because the router
and the peer’s Local/Remote Addresses don’t match.
IKE Packet Retransmit The router retransmitted the last packet sent because there
was no response from the peer.
Failed to send IKE Packet An Ethernet error stopped the router from sending IKE
packets.
Too many errors! Deleting SA An SA was deleted because there were too many errors.
Phase 1 IKE SA process done The phase 1 IKE SA process has been completed.
Duplicate requests with the
same cookie
The router received multiple requests from the same peer
while still processing the first IKE packet from the peer.
IKE Negotiation is in
process
The router has already started negotiating with the peer for
the connection, but the IKE process has not finished yet.
No proposal chosen Phase 1 or phase 2 parameters don’t match. Please check all
protocols / settings. Ex. One device being configured for
3DES and the other being configured for DES causes the
connection to fail.
Local / remote IPs of
incoming request conflict
with rule <%d>
The security gateway is set to “0.0.0.0” and the router used
the peer’s “Local Address” as the router’s “Remote Address”.
This information conflicted with static rule #d; thus the
connection is not allowed.
Cannot resolve Secure
Gateway Addr for rule <%d>
The router couldn’t resolve the IP address from the domain
name that was used for the secure gateway address.
Peer ID: <peer id> <My remote
type> -<My local type>
The displayed ID information did not match between the two
ends of the connection.
vs. My Remote <My remote> -
<My remote>
The displayed ID information did not match between the two
ends of the connection.
vs. My Local <My local>-<My
local>
The displayed ID information did not match between the two
ends of the connection.
Send <packet> A packet was sent.
Recv <packet> IKE uses ISAKMP to transmit data. Each ISAKMP packet
contains many different types of payloads. All of them show in
the LOG. Refer to RFC2408 – ISAKMP for a list of all
ISAKMP payload types.
Recv <Main or Aggressive>
Mode request from <IP>
The router received an IKE negotiation request from the peer
address specified.
Send <Main or Aggressive>
Mode request to <IP>
The router started negotiation with the peer.
Invalid IP <Peer local> /
<Peer local>
The peer’s “Local IP Address” is invalid.
To Next Page
Loading...
