
ZyXEL Communications Internet Security Gateway ZyWALL 100 User Manual

IPSec Log

Table 30-1 Sample IKE Key Exchange Logs

| LOG MESSAGE | DESCRIPTION |
|---|---|
| !! IKE Packet Retransmit | The ZyWALL did not receive a response from the peer and so retransmits the last packet sent. |
| !! Failed to send IKE Packet | The ZyWALL cannot send IKE packets due to a network error. |
| !! Too many errors! Deleting SA | The ZyWALL deletes an SA when too many errors occur. |


The following table shows sample log messages during packet transmission.

Table 30-2 Sample IPSec Logs During Packet Transmission

| LOG MESSAGE | DESCRIPTION |
|---|---|
| !! WAN IP changed to | If the ZyWALL’s WAN IP changes, all configured “My IP Addr” are changed to “0.0.0.0”. If this field is configured as 0.0.0.0, then the ZyWALL will use the current ZyWALL WAN IP address (static or dynamic) to set up the VPN tunnel. |
| !! Cannot find Phase 2 SA | The ZyWALL cannot find a phase 2 SA that corresponds with the SPI of an inbound packet (from the peer); the packet is dropped. |
| !! Discard REPLAY packet | If the ZyWALL receives a packet with the wrong sequence number, it will discard it. |
| !! Inbound packet authentication failed | The authentication configuration settings are incorrect. Please check them. |
| !! Inbound packet decryption failed | The decryption configuration settings are incorrect. Please check them. |
| Rule <#d> idle time out, disconnect | If an SA has no packets transmitted for a period of time (configurable via CI command), the ZyWALL drops the connection. |
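
A small triage script for the messages in Tables 30-1 and 30-2, added here as an example and not part of the ZyXEL manual or firmware: it matches the message text listed above and counts hits by category. The category names, the threshold, the assumption that <#d> appears as a decimal rule number, and the index/timestamp layout of the sample lines are all this example's own.

```python
import re
from collections import Counter

# Message texts are from Tables 30-1 and 30-2; category names are assumed.
PATTERNS = [
    (r"IKE Packet Retransmit",                  "network"),
    (r"Failed to send IKE Packet",              "network"),
    (r"Too many errors! Deleting SA",           "sa-deleted"),
    (r"WAN IP changed to",                      "wan-change"),
    (r"Cannot find Phase 2 SA",                 "dropped"),
    (r"Discard REPLAY packet",                  "dropped"),
    (r"Inbound packet\s+authentication failed", "config"),
    (r"Inbound packet\s+decryption failed",     "config"),
    (r"Rule\s+(\d+)\s+idle time out",           "idle"),  # <#d> assumed numeric
]
COMPILED = [(re.compile(p), cat) for p, cat in PATTERNS]

def classify(line):
    """Return (category, rule_number_or_None), or None for an unrelated line."""
    for rx, cat in COMPILED:
        m = rx.search(line)
        if m:
            return cat, (int(m.group(1)) if rx.groups else None)
    return None

def triage(lines, threshold=3):
    """Count hits per category; report categories seen >= threshold times."""
    counts, idle_rules = Counter(), set()
    for cat, rule in filter(None, map(classify, lines)):
        counts[cat] += 1
        if rule is not None:
            idle_rules.add(rule)  # VPN rules that timed out while idle
    noisy = sorted(c for c, n in counts.items() if n >= threshold)
    return dict(counts), noisy, sorted(idle_rules)

# Constructed sample lines; the leading index and timestamp layout is assumed.
SAMPLE = [
    "1 01/01 10:00:01 !! IKE Packet Retransmit",
    "2 01/01 10:00:05 !! IKE Packet Retransmit",
    "3 01/01 10:00:09 !! Failed to send IKE Packet",
    "4 01/01 10:00:10 !! Too many errors! Deleting SA",
    "5 01/01 10:02:00 !! Discard REPLAY packet",
    "6 01/01 10:30:00 Rule 2 idle time out, disconnect",
    "7 01/01 10:31:00 line unrelated to IPSec (constructed)",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A burst in the network category followed by an sa-deleted hit points at the peer being unreachable, while config hits point back at the authentication or encryption settings, as the table descriptions state.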

The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC
for detailed information on each type.

Table 30-3 RFC-2408 ISAKMP Payload Types

| LOG DISPLAY | PAYLOAD TYPE |
|---|---|
| SA | Security Association |
| PROP | Proposal |