Vpn responder ipsec log, 2 vpn responder ipsec log – ZyXEL Communications Internet Security Gateway ZyWALL 100 User Manual

ZyWALL 100 Internet Security Gateway

30-2

IPSec

Log

30.2 VPN Responder IPSec Log

The following figure shows a typical log from the VPN connection peer.

Figure 30-2 Example VPN Responder IPSec Log

This menu is useful for troubleshooting. A log index number, the date and time the log was created and a log
message are displayed.

Double exclamation marks (!!) denote an error or warning message.

The following table shows sample log messages during IKE key exchange.

Table 30-1 Sample IKE Key Exchange Logs

LOG MESSAGE

DESCRIPTION

Cannot find outbound SA for rule
<#d>

The packet matches the rule index number (#d), but
Phase 1 or Phase 2 negotiation for outbound (from the
VPN initiator) traffic is not finished yet.

Send Main Mode request to

Send Aggressive Mode request to

The ZyWALL has started negotiation with the peer.

Recv Main Mode request from

Recv Aggressive Mode request from

The ZyWALL has received an IKE negotiation request
from the peer.

Index: Date/Time: Log:
------------------------------------------------------------
001 01 Jan 08:08:07 Recv Main Mode request from <192.168.100.100>
002 01 Jan 08:08:07 Recv:
003 01 Jan 08:08:08 Send:
004 01 Jan 08:08:08 Recv:
005 01 Jan 08:08:10 Send:
006 01 Jan 08:08:10 Recv:
007 01 Jan 08:08:10 Send:
008 01 Jan 08:08:10 Phase 1 IKE SA process done
009 01 Jan 08:08:10 Recv:
010 01 Jan 08:08:10 Start Phase 2: Quick Mode
011 01 Jan 08:08:10 Send:
012 01 Jan 08:08:10 Recv:
Clear IPSec Log (y/n):