ZyXEL 792H 91-004-342001B Manuale Utente

Prestige 792H G.SHDSL Router 

14-28  

VPN 

Screens 

 The following table shows sample log messages during IKE key exchange.  

Cannot find outbound SA for rule 
<#d> 

The packet matches the rule index number (#d), but 
Phase 1 or Phase 2 negotiation for outbound (from the 
VPN initiator) traffic is not finished yet.  

Send Main Mode request to <IP> 

Send Aggressive Mode request to <IP> 

The Prestige has started negotiation with the peer. 

Recv Main Mode request from <IP> 

Recv Aggressive Mode request from 
<IP> 

The Prestige has received an IKE negotiation request 
from the peer. 

Send:<Symbol><Symbol> 

Recv:<Symbol><Symbol> 

IKE uses the ISAKMP protocol (refer to RFC2408 – 
ISAKMP) to transmit data. Each ISAKMP packet 
contains payloads of different types that show in the 
log - see Table 14-15. 

Phase 1 IKE SA process done 

Phase 1 negotiation is finished.  

Start Phase 2: Quick Mode 

Phase 2 negotiation is beginning using Quick Mode. 

!! IKE Negotiation is in process 

The Prestige has begun negotiation with the peer for 
the connection already, but the IKE key exchange has 
not finished yet. 

!! Duplicate requests with the same 
cookie 

The Prestige has received multiple requests from the 
same peer but it is still processing the first IKE packet 
from that peer. 

!! No proposal chosen 

The parameters configured for Phase 1 or Phase 2 
negotiations don’t match. Please check all protocols 
and settings for these phases. For example, one party 
may be using 3DES encryption, but the other party is 
using DES encryption, so the connection will fail. 

!! Verifying Local ID failed 

!! Verifying Remote ID failed 

During IKE Phase 2 negotiation, both parties 
exchange policy details, including local and remote IP 
address ranges. If these ranges differ, then the 
connection fails.