Figure 184 vpn log example, Vpn log – ZyXEL Communications ZyXEL ZyWALL P1 User Manual

ZyWALL P1 User’s Guide

314

Appendix G VPN Setup

VPN Log

The system log can often help to identify a configuration problem.
Enable IKE & IPSec logging via the web configurator at both ends, clear the log and then
build the tunnel.

View the log via the web configurator or type ‘sys log disp’ from CLI. See

Appendix N on

page 347

for information on the log messages.

Figure 184 VPN Log Example

zw5> sys log disp ike ipsec

# .time source destination notes

message
0|09/21/2004 05:45:08 |172.21.3.43 |172.21.3.185 |IKE

Rule [1] Tunnel built successfully
1|09/21/2004 05:45:08 |172.21.3.43 |172.21.3.185 |IKE

Send:[HASH]
2|09/21/2004 05:45:08 |172.21.3.43 |172.21.3.185 |IKE

Adjust TCP MSS to 1398
3|09/21/2004 05:45:07 |172.21.3.185 |172.21.3.43 |IKE

Recv:[HASH][SA][NONCE][ID][ID]
4|09/21/2004 05:45:07 |172.21.3.43 |172.21.3.185 |IKE

Send:[HASH][SA][NONCE][ID][ID]
5|09/21/2004 05:45:07 |172.21.3.43 |172.21.3.185 |IKE

Start Phase 2: Quick Mode
6|09/21/2004 05:45:07 |172.21.3.43 |172.21.3.185 |IKE

Phase 1 IKE SA process done
7|09/21/2004 05:45:07 |172.21.3.185 |172.21.3.43 |IKE

Recv:[ID][HASH][NOTFY:INIT_CONTACT]
8|09/21/2004 05:45:07 |172.21.3.43 |172.21.3.185 |IKE

Send:[ID][HASH][NOTFY:INIT_CONTACT]
9|09/21/2004 05:45:07 |172.21.3.185 |172.21.3.43 |IKE

Recv:[KE][NONCE]
10|09/21/2004 05:45:07 |172.21.3.43 |172.21.3.185 |IKE

Send:[KE][NONCE]
11|09/21/2004 05:45:07 |172.21.3.185 |172.21.3.43 |IKE