ZyXEL Communications 10 User Manual
Page 475
ZyWALL 10~100 Series Internet Security Gateway
Log Descriptions
83
Chart Q-10 Sample IKE Key Exchange Logs
LOG MESSAGE
DESCRIPTION
vs. My Local <IP address>
The IP address type or IP address of an incoming
packet does not match the peer IP address type or IP
address configured on the local router. The log
displays this router’s configured local IP address type
or IP address that the incoming packet did not match.
-> <symbol>
The router sent a payload type of IKE packet.
Error ID Info
The parameters configured for Phase 1 ID content do
not match or the parameters configured for the Phase
2 ID (IP address of single, range or subnet) do not
match. Please check all protocols and settings for
these phases.
Both ends of the VPN tunnel must use the same pre-shared key. You will receive a
“PYLD_MALFORMED” (payload malformed) packet if the same pre-shared key is
not used on both ends.
The following table shows sample log messages during packet transmission.
Chart Q-11 Sample IPSec Logs During Packet Transmission
LOG MESSAGE
DESCRIPTION
!! WAN IP changed to <IP>
If the ZyWALL’s WAN IP changes, all configured “My IP Addr” are
changed to b “0.0.0.0”. If this field is configured as 0.0.0.0, then the
ZyWALL will use the current ZyWALL WAN IP address (static or
dynamic) to set up the VPN tunnel.
!! Cannot find IPSec SA
The ZyWALL cannot find a phase 2 SA that corresponds with the
SPI of an inbound packet (from the peer); the packet is dropped.
!! Cannot find outbound SA
for rule <%d>
The packet matches the rule index number (#d), but Phase 1 or
Phase 2 negotiation for outbound (from the VPN initiator) traffic is
not finished yet.
!! Discard REPLAY packet
If the ZyWALL receives a packet with the wrong sequence number
it will discard it.
!! Inbound packet
authentication failed
The authentication configuration settings are incorrect. Please
check them.
!! Inbound packet
decryption failed
The decryption configuration settings are incorrect. Please check
them.