ZyXEL 2WG Guía Del Usuario

 Chapter 15 IPSec VPN Screens

ZyWALL 2WG User’s Guide

Figure 212   IKE/IPSec Debug Example 

The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm, 
and Diffie-Hellman (DH) key group that the ZyWALL and remote IPSec router use in the IKE 
SA. In main mode, this is done in steps 1 and 2, as illustrated below.

ras> ipsec debug
type            level           display                           
ras> ipsec debug type
<0:Disable | 1:Original on|off | 2:IKE on|off | 3: IPSec [SPI]|on|off | 
4:XAUTH on|off | 5:CERT on|off | 6: All>
ras> ipsec debug level
<0:None | 1:User | 2:Low | 3:High>

ras> ipsec debug type 1 on
ras> ipsec debug type 2 on
ras> ipsec debug level 3

ras> ipsec dial 1
get_ipsec_sa_by_policyIndex():
Start dialing for tunnel <rule# 1>...
ikeStartNegotiate(): saIndex<0>
peerIp<5.1.2.3> protocol: <IPSEC_ESP>(3)

   peer Ip <5.1.2.3> initiator(): type<IPSEC_ESP>, exch<Main>

   initiator :
   protocol: IPSEC_ESP, exchange mode: Main mode  find_ipsec_sa():
      find ipsec saNot found

      Not found  isadb_is_outstanding_req():
      isakmp is outstanding req : SA not found
isadb_create_entry():  >> INITIATOR

  isadb_get_entry_by_addr():
      Get IKE entry by address:   SA not found

      SA not found  ISAKMP SA created for peer <BRANCH> size<900>

      ISAKMP SA created for peer <BRANCH> size<900>  ISAKMP SA built, 
ikePeer.s0

      ISAKMP SA built, index = 0isadb_create_entry(): done

      create IKE entry doneinitiator(): find myIpAddr = 0.0.0.0, use 
<5.6.7.8> r