ZyXEL Communications 650 Series User Manual

Prestige 650 Series User’s Guide

VPN Screens

16-29

Table 16-13 Sample IKE Key Exchange Logs

LOG MESSAGE

DESCRIPTION

!! Local / remote IPs of incoming
request conflict with rule <#d>

If the security gateway is “0.0.0.0”, the Prestige will
use the peer’s “Local Addr” as its “Remote Addr”. If
this IP (range) conflicts with a previously configured
rule then the connection is not allowed.

!! Invalid IP <IP start>/<IP end>

The peer’s “Local IP Addr” range is invalid.

!! Remote IP <IP start> / <IP end>

conflicts

If the security gateway is “0.0.0.0”, the Prestige will
use the peer’s “Local Addr” as its “Remote Addr”. If a
peer’s “Local Addr” range conflicts with other
connections, then the Prestige will not accept VPN
connection requests from this peer.

!! Active connection allowed
exceeded

The Prestige limits the number of simultaneous Phase
2 SA negotiations. The IKE key exchange process fails
if this limit is exceeded.

!! IKE Packet Retransmit

The Prestige did not receive a response from the peer
and so retransmits the last packet sent.

!! Failed to send IKE Packet

The Prestige cannot send IKE packets due to a
network error.

!! Too many errors! Deleting SA

The Prestige deletes an SA when too many errors
occur.

The following table shows sample log messages during packet transmission.

Table 16-14 Sample IPSec Logs During Packet Transmission

LOG MESSAGE

DESCRIPTION

!! WAN IP changed to <IP>

If the Prestige’s WAN IP changes, all configured “My IP Addr” are
changed to b “0.0.0.0”.. If this field is configured as 0.0.0.0, then the
Prestige will use the current Prestige WAN IP address (static or
dynamic) to set up the VPN tunnel.

!! Cannot find Phase 2 SA

The Prestige cannot find a phase 2 SA that corresponds with the
SPI of an inbound packet (from the peer); the packet is dropped.

!! Discard REPLAY packet

If the Prestige receives a packet with the wrong sequence number it
will discard it.