beautypg.com

ZyXEL Communications NBG420N User Manual

Page 243

background image

Chapter 21 Logs

NBG420N User’s Guide

243

Verifying Local ID failed:

The connection failed during IKE phase 2 because the router

and the peer’s Local/Remote Addresses don’t match.

IKE Packet Retransmit

The router retransmitted the last packet sent because there

was no response from the peer.

Failed to send IKE Packet

An Ethernet error stopped the router from sending IKE

packets.

Too many errors! Deleting SA

An SA was deleted because there were too many errors.

Phase 1 IKE SA process done

The phase 1 IKE SA process has been completed.

Duplicate requests with the
same cookie

The router received multiple requests from the same peer

while still processing the first IKE packet from the peer.

IKE Negotiation is in process The router has already started negotiating with the peer for

the connection, but the IKE process has not finished yet.

No proposal chosen

Phase 1 or phase 2 parameters don’t match. Please check all

protocols / settings. Ex. One device being configured for

3DES and the other being configured for DES causes the

connection to fail.

Local / remote IPs of
incoming request conflict
with rule <%d>

The security gateway is set to “0.0.0.0” and the router used

the peer’s “Local Address” as the router’s “Remote Address”.

This information conflicted with static rule #d; thus the

connection is not allowed.

Cannot resolve Secure Gateway
Addr for rule <%d>

The router couldn’t resolve the IP address from the domain

name that was used for the secure gateway address.

Peer ID: type> -

The displayed ID information did not match between the two

ends of the connection.

vs. My Remote -

The displayed ID information did not match between the two

ends of the connection.

vs. My Local -local>

The displayed ID information did not match between the two

ends of the connection.

Send

A packet was sent.

Recv

IKE uses ISAKMP to transmit data. Each ISAKMP packet

contains many different types of payloads. All of them show in

the LOG. Refer to RFC2408 – ISAKMP for a list of all ISAKMP

payload types.

Recv


Mode request from

The router received an IKE negotiation request from the peer

address specified.

Send


Mode request to

The router started negotiation with the peer.

Invalid IP /

The peer’s “Local IP Address” is invalid.

Remote IP /
conflicts

The security gateway is set to “0.0.0.0” and the router used

the peer’s “Local Address” as the router’s “Remote Address”.

This information conflicted with static rule #d; thus the

connection is not allowed.

Phase 1 ID type mismatch

This router’s "Peer ID Type" is different from the peer IPSec

router's "Local ID Type".

Phase 1 ID content mismatch

This router’s "Peer ID Content" is different from the peer

IPSec router's "Local ID Content".

Table 100 IKE Logs (continued)

LOG MESSAGE

DESCRIPTION

See also other documents in the category ZyXEL Communications Hardware: