ZyXEL Communications P-334U User Manual

P-334U/P-335U User’s Guide

300

Appendix F Log Descriptions

Cannot resolve Secure Gateway
Addr for rule <%d>

The router couldn’t resolve the IP address from the domain

name that was used for the secure gateway address.

Peer ID: <peer id> <My remote
type> -<My local type>

The displayed ID information did not match between the two

ends of the connection.

vs. My Remote <My remote> -
<My remote>

The displayed ID information did not match between the two

ends of the connection.

vs. My Local <My local>-<My
local>

The displayed ID information did not match between the two

ends of the connection.

Send <packet>

A packet was sent.

Recv <packet>

IKE uses ISAKMP to transmit data. Each ISAKMP packet

contains many different types of payloads. All of them show in

the LOG. Refer to RFC2408 – ISAKMP for a list of all ISAKMP

payload types.

Recv <Main or Aggressive>
Mode request from <IP>

The router received an IKE negotiation request from the peer

address specified.

Send <Main or Aggressive>
Mode request to <IP>

The router started negotiation with the peer.

Invalid IP <Peer local> /
<Peer local>

The peer’s “Local IP Address” is invalid.

Remote IP <Remote IP> /
<Remote IP> conflicts

The security gateway is set to “0.0.0.0” and the router used

the peer’s “Local Address” as the router’s “Remote Address”.

This information conflicted with static rule #d; thus the

connection is not allowed.

Phase 1 ID type mismatch

This router’s "Peer ID Type" is different from the peer IPSec

router's "Local ID Type".

Phase 1 ID content mismatch

This router’s "Peer ID Content" is different from the peer

IPSec router's "Local ID Content".

No known phase 1 ID type
found

The router could not find a known phase 1 ID in the

connection attempt.

ID type mismatch. Local /
Peer: <Local ID type/Peer ID
type>

The phase 1 ID types do not match.

ID content mismatch

The phase 1 ID contents do not match.

Configured Peer ID Content:
<Configured Peer ID Content>

The phase 1 ID contents do not match and the configured

"Peer ID Content" is displayed.

Incoming ID Content:
<Incoming Peer ID Content>

The phase 1 ID contents do not match and the incoming

packet's ID content is displayed.

Unsupported local ID Type:
<%d>

The phase 1 ID type is not supported by the router.

Build Phase 1 ID

The router has started to build the phase 1 ID.

Adjust TCP MSS to%d

The router automatically changed the TCP Maximum

Segment Size value after establishing a tunnel.

Rule <%d> input idle time
out, disconnect

The tunnel for the listed rule was dropped because there was

no inbound traffic within the idle timeout period.

XAUTH succeed! Username:
<Username>

The router used extended authentication to authenticate the

listed username.

Table 126 IKE Logs (continued)

LOG MESSAGE

DESCRIPTION