ZyXEL zywall 10 Handbuch
Doc.Ref tgbvpn_cg_ZyWall10_en
Doc.version
Doc.version
2.0 – Nov.2004
VPN version
2.5x
4 VPN IPSec Troubleshooting
4.1 « PAYLOAD MALFORMED
» error
114920 Default (SA ZyWALL-P1) SEND phase 1 Main Mode [SA][VID]
114920 Default (SA ZyWALL-P1) RECV phase 1 Main Mode [NOTIFY]
114920 Default exchange_run: exchange_validate failed
114920 Default dropped message from 195.100.205.114 port 500 due to notification
type PAYLOAD_MALFORMED
114920 Default SEND Informational [NOTIFY] with PAYLOAD_MALFORMED error
114920 Default (SA ZyWALL-P1) RECV phase 1 Main Mode [NOTIFY]
114920 Default exchange_run: exchange_validate failed
114920 Default dropped message from 195.100.205.114 port 500 due to notification
type PAYLOAD_MALFORMED
114920 Default SEND Informational [NOTIFY] with PAYLOAD_MALFORMED error
If you have an « PAYLOAD MALFORMED » error you might have a wrong Phase 1 [SA], check if the encryption
algorithms are the same on each side of the VPN tunnel.
4.2 « INVALID COOKIE » error
115933 Default message_recv: invalid cookie(s) 5918ca0c2634288f 7364e3e486e49105
115933 Default dropped message from 195.100.205.114 port 500 due to notification
type INVALID_COOKIE
115933 Default SEND Informational [NOTIFY] with INVALID_COOKIE error
115933 Default dropped message from 195.100.205.114 port 500 due to notification
type INVALID_COOKIE
115933 Default SEND Informational [NOTIFY] with INVALID_COOKIE error
If you have an « INVALID COOKIE » error, it means that one of the endpoint is using a SA that is no more in use.
Reset the VPN connection on each side.
4.3 « no keystate » error
115315 Default (SA ZyWALL-P1) SEND phase 1 Main Mode [SA][VID]
115317 Default (SA ZyWALL-P1) RECV phase 1 Main Mode [SA][VID]
115317 Default (SA ZyWALL-P1) SEND phase 1 Main Mode [KEY][NONCE]
115319 Default (SA ZyWALL-P1) RECV phase 1 Main Mode [KEY][NONCE]
115319 Default (SA ZyWALL-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
115319 Default ipsec_get_keystate: no keystate in ISAKMP SA 00B57C50
115317 Default (SA ZyWALL-P1) RECV phase 1 Main Mode [SA][VID]
115317 Default (SA ZyWALL-P1) SEND phase 1 Main Mode [KEY][NONCE]
115319 Default (SA ZyWALL-P1) RECV phase 1 Main Mode [KEY][NONCE]
115319 Default (SA ZyWALL-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
115319 Default ipsec_get_keystate: no keystate in ISAKMP SA 00B57C50
If you have an « no keystate » error, check if the preshared key is correct or if the local ID is correct (see
« Advanced » button). You should have more information in the remote endpoint logs.
4.4 « received remote ID other than expected » error
120348 Default (SA ZyWALL-P1) SEND phase 1 Main Mode [SA][VID]
120349 Default (SA ZyWALL-P1) RECV phase 1 Main Mode [SA][VID]
120349 Default (SA ZyWALL-P1) SEND phase 1 Main Mode [KEY][NONCE]
120351 Default (SA ZyWALL-P1) RECV phase 1 Main Mode [KEY][NONCE]
120351 Default (SA ZyWALL-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
120351 Default (SA ZyWALL-P1) RECV phase 1 Main Mode [ID][HASH][NOTIFY]
120351 Default ike_phase_1_recv_ID: received remote ID other than expected
support@thegreenbow.fr
120349 Default (SA ZyWALL-P1) RECV phase 1 Main Mode [SA][VID]
120349 Default (SA ZyWALL-P1) SEND phase 1 Main Mode [KEY][NONCE]
120351 Default (SA ZyWALL-P1) RECV phase 1 Main Mode [KEY][NONCE]
120351 Default (SA ZyWALL-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
120351 Default (SA ZyWALL-P1) RECV phase 1 Main Mode [ID][HASH][NOTIFY]
120351 Default ike_phase_1_recv_ID: received remote ID other than expected
support@thegreenbow.fr
The « Remote ID » value (see « Advanced » Button) do not match what the remote endpoint is expected.
IPSec VPN Router Configuration
Property of TheGreenBow Sistech SA - © Sistech 2001-2005
9/12