ZyXEL Communications 202H User Manual

Page 293

Advertising
background image

Prestige 202H User’s Guide

IPSec Log

28-3

Table 28-1 Sample IKE Key Exchange Logs

LOG MESSAGE

DESCRIPTION

Start Phase 2: Quick Mode

Phase 2 negotiation is beginning using Quick Mode.

!! IKE Negotiation is in process

The Prestige has begun negotiation with the peer for
the connection already, but the IKE key exchange has
not finished yet.

!! Duplicate requests with the same cookie

The Prestige has received multiple requests from the
same peer but it is still processing the first IKE packet
from that peer.

!! No proposal chosen

The parameters configured for Phase 1 or Phase 2
negotiations don’t match. Please check all protocols
and settings for these phases. For example, one party
may be using 3DES encryption, but the other party is
using DES encryption, so the connection will fail.

!! Verifying Local ID failed

!! Verifying Remote ID failed

During IKE Phase 2 negotiation, both parties exchange
policy details, including local and remote IP address
ranges. If these ranges differ, then the connection fails.

!! Local / remote IPs of incoming request conflict
with rule <#d>

If the security gateway is “0.0.0.0”, the Prestige will
use the peer’s “Local Addr” as its “Remote Addr”. If this
IP (range) conflicts with a previously configured rule
then the connection is not allowed.

!! Invalid IP <IP start>/<IP end>

The peer’s “Local IP Addr” range is invalid.

!! Remote IP <IP start> / <IP end> conflicts

If the security gateway is “0.0.0.0”, the Prestige will
use the peer’s “Local Addr” as its “Remote Addr”. If a
peer’s “Local Addr” range conflicts with other
connections, then the Prestige will not accept VPN
connection requests from this peer.

!! Active connection allowed exceeded

The Prestige limits the number of simultaneous Phase
2 SA negotiations. The IKE key exchange process fails
if this limit is exceeded.

!! IKE Packet Retransmit

The Prestige did not receive a response from the peer
and so retransmits the last packet sent.

!! Failed to send IKE Packet

The Prestige cannot send IKE packets due to a
network error.

!! Too many errors! Deleting SA

The Prestige deletes an SA when too many errors
occur.

Advertising
Popular Brands
Popular manuals