beautypg.com

ZyXEL Communications P-660H-Tx v2 User Manual

Page 220

background image

Chapter 19 Logs

P-660H-Tx v2 User’s Guide

220

Recv

IKE uses ISAKMP to transmit data. Each ISAKMP packet

contains many different types of payloads. All of them show in

the LOG. Refer to RFC2408 – ISAKMP for a list of all

ISAKMP payload types.

Recv


Mode request from

The router received an IKE negotiation request from the peer

address specified.

Send


Mode request to

The router started negotiation with the peer.

Invalid IP /

The peer’s “Local IP Address” is invalid.

Remote IP /
conflicts

The security gateway is set to “0.0.0.0” and the router used

the peer’s “Local Address” as the router’s “Remote Address”.

This information conflicted with static rule #d; thus the

connection is not allowed.

Phase 1 ID type mismatch

This router’s "Peer ID Type" is different from the peer IPSec

router's "Local ID Type".

Phase 1 ID content mismatch

This router’s "Peer ID Content" is different from the peer

IPSec router's "Local ID Content".

No known phase 1 ID type
found

The router could not find a known phase 1 ID in the

connection attempt.

ID type mismatch. Local /
Peer: type>

The phase 1 ID types do not match.

ID content mismatch

The phase 1 ID contents do not match.

Configured Peer ID Content:

The phase 1 ID contents do not match and the configured

"Peer ID Content" is displayed.

Incoming ID Content:

The phase 1 ID contents do not match and the incoming

packet's ID content is displayed.

Unsupported local ID Type:
<%d>

The phase 1 ID type is not supported by the router.

Build Phase 1 ID

The router has started to build the phase 1 ID.

Adjust TCP MSS to%d

The router automatically changed the TCP Maximum

Segment Size value after establishing a tunnel.

Rule <%d> input idle time
out, disconnect

The tunnel for the listed rule was dropped because there was

no inbound traffic within the idle timeout period.

XAUTH succeed! Username:

The router used extended authentication to authenticate the

listed username.

XAUTH fail! Username:

The router was not able to use extended authentication to

authenticate the listed username.

Rule[%d] Phase 1 negotiation
mode mismatch

The listed rule’s IKE phase 1 negotiation mode did not match

between the router and the peer.

Rule [%d] Phase 1 encryption
algorithm mismatch

The listed rule’s IKE phase 1 encryption algorithm did not

match between the router and the peer.

Rule [%d] Phase 1
authentication algorithm
mismatch

The listed rule’s IKE phase 1 authentication algorithm did not

match between the router and the peer.

Table 91 IKE Logs (continued)

LOG MESSAGE

DESCRIPTION

See also other documents in the category ZyXEL Communications Computer Accessories: