ZyXEL 2WG Guida Utente
Chapter 15 IPSec VPN Screens
ZyWALL 2WG User’s Guide
330
Figure 211 VPN Log Example
15.10.1 IPSec Debug
If you are having difficulty building an IPSec tunnel to a non-ZyXEL IPSec router, advanced
users may wish to examine the IPSec debug feature (in the commands).
users may wish to examine the IPSec debug feature (in the commands).
"
If any of your VPN rules have an active network policy set to nailed-up, using
the IPSec debug feature may cause the ZyWALL to continuously display new
information. Type
the IPSec debug feature may cause the ZyWALL to continuously display new
information. Type
ipsec debug level 0
and press [ENTER] to stop it.
ras> sys log disp ike ipsec
# .time source destination notes
message
0|01/11/2001 18:47:22 |5.6.7.8 |5.1.2.3 |IKE
Rule [ex-1] Tunnel built successfully
1|01/11/2001 18:47:22 |5.6.7.8 |5.1.2.3 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
2|01/11/2001 18:47:22 |5.6.7.8 |5.1.2.3 |IKE
Send:[HASH]
3|01/11/2001 18:47:22 |5.6.7.8 |5.1.2.3 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
4|01/11/2001 18:47:22 |5.6.7.8 |5.1.2.3 |IKE
Adjust TCP MSS to 1398
5|01/11/2001 18:47:22 |5.1.2.3 |5.6.7.8 |IKE
Recv:[HASH][SA][NONCE][ID][ID]
6|01/11/2001 18:47:22 |5.1.2.3 |5.6.7.8 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
7|01/11/2001 18:47:21 |5.6.7.8 |5.1.2.3 |IKE
IKE Packet Retransmit
8|01/11/2001 18:47:21 |5.6.7.8 |5.1.2.3 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
9|01/11/2001 18:47:17 |5.6.7.8 |5.1.2.3 |IKE
Send:[HASH][SA][NONCE][ID][ID]
10|01/11/2001 18:47:17 |5.6.7.8 |5.1.2.3 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
11|01/11/2001 18:47:17 |5.6.7.8 |5.1.2.3 |IKE
Start Phase 2: Quick Mode
12|01/11/2001 18:47:17 |5.6.7.8 |5.1.2.3 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
13|01/11/2001 18:47:17 |5.6.7.8 |5.1.2.3 |IKE
Phase 1 IKE SA process done
14|01/11/2001 18:47:17 |5.6.7.8 |5.1.2.3 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
15|01/11/2001 18:47:17 |5.1.2.3 |5.6.7.8 |IKE
Recv:[ID][HASH][NOTFY:INIT_CONTACT]9C3F7DCA
16|01/11/2001 18:47:17 |5.1.2.3 |5.6.7.8 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
17|01/11/2001 18:47:15 |5.6.7.8 |5.1.2.3 |IKE
Send:[ID][HASH][NOTFY:INIT_CONTACT]9C3F7DCA
message
0|01/11/2001 18:47:22 |5.6.7.8 |5.1.2.3 |IKE
Rule [ex-1] Tunnel built successfully
1|01/11/2001 18:47:22 |5.6.7.8 |5.1.2.3 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
2|01/11/2001 18:47:22 |5.6.7.8 |5.1.2.3 |IKE
Send:[HASH]
3|01/11/2001 18:47:22 |5.6.7.8 |5.1.2.3 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
4|01/11/2001 18:47:22 |5.6.7.8 |5.1.2.3 |IKE
Adjust TCP MSS to 1398
5|01/11/2001 18:47:22 |5.1.2.3 |5.6.7.8 |IKE
Recv:[HASH][SA][NONCE][ID][ID]
6|01/11/2001 18:47:22 |5.1.2.3 |5.6.7.8 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
7|01/11/2001 18:47:21 |5.6.7.8 |5.1.2.3 |IKE
IKE Packet Retransmit
8|01/11/2001 18:47:21 |5.6.7.8 |5.1.2.3 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
9|01/11/2001 18:47:17 |5.6.7.8 |5.1.2.3 |IKE
Send:[HASH][SA][NONCE][ID][ID]
10|01/11/2001 18:47:17 |5.6.7.8 |5.1.2.3 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
11|01/11/2001 18:47:17 |5.6.7.8 |5.1.2.3 |IKE
Start Phase 2: Quick Mode
12|01/11/2001 18:47:17 |5.6.7.8 |5.1.2.3 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
13|01/11/2001 18:47:17 |5.6.7.8 |5.1.2.3 |IKE
Phase 1 IKE SA process done
14|01/11/2001 18:47:17 |5.6.7.8 |5.1.2.3 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
15|01/11/2001 18:47:17 |5.1.2.3 |5.6.7.8 |IKE
Recv:[ID][HASH][NOTFY:INIT_CONTACT]9C3F7DCA
16|01/11/2001 18:47:17 |5.1.2.3 |5.6.7.8 |IKE
The cookie pair is : 0xDAC0B43FBDE154F5 / 0xC5156C099C3F7DCA
17|01/11/2001 18:47:15 |5.6.7.8 |5.1.2.3 |IKE
Send:[ID][HASH][NOTFY:INIT_CONTACT]9C3F7DCA