Справочник Пользователя для ZyXEL 202H 91-003-194003B
Модели
91-003-194003B
P-202H Plus v2 User’s Guide
315
Chapter 35 IPSec Log
Figure 210 Example VPN Responder IPSec Log
This menu is useful for troubleshooting. A log index number, the date and time the log was
created and a log message are displayed.
created and a log message are displayed.
Note: Double exclamation marks (!!) denote an error or warning message.
The following table shows sample log messages during IKE key exchange.
Index: Date/Time: Log:
------------------------------------------------------------
001 01 Jan 08:08:07 Recv Main Mode request from <192.168.100.100>
002 01 Jan 08:08:07 Recv:<SA>
003 01 Jan 08:08:08 Send:<SA>
004 01 Jan 08:08:08 Recv:<KE><NONCE>
005 01 Jan 08:08:10 Send:<KE><NONCE>
006 01 Jan 08:08:10 Recv:<ID><HASH>
007 01 Jan 08:08:10 Send:<ID><HASH>
008 01 Jan 08:08:10 Phase 1 IKE SA process done
009 01 Jan 08:08:10 Recv:<HASH><SA><NONCE><ID><ID>
010 01 Jan 08:08:10 Start Phase 2: Quick Mode
011 01 Jan 08:08:10 Send:<HASH><SA><NONCE><ID><ID>
012 01 Jan 08:08:10 Recv:<HASH>
Clear IPSec Log (y/n):
------------------------------------------------------------
001 01 Jan 08:08:07 Recv Main Mode request from <192.168.100.100>
002 01 Jan 08:08:07 Recv:<SA>
003 01 Jan 08:08:08 Send:<SA>
004 01 Jan 08:08:08 Recv:<KE><NONCE>
005 01 Jan 08:08:10 Send:<KE><NONCE>
006 01 Jan 08:08:10 Recv:<ID><HASH>
007 01 Jan 08:08:10 Send:<ID><HASH>
008 01 Jan 08:08:10 Phase 1 IKE SA process done
009 01 Jan 08:08:10 Recv:<HASH><SA><NONCE><ID><ID>
010 01 Jan 08:08:10 Start Phase 2: Quick Mode
011 01 Jan 08:08:10 Send:<HASH><SA><NONCE><ID><ID>
012 01 Jan 08:08:10 Recv:<HASH>
Clear IPSec Log (y/n):
Table 106 Sample IKE Key Exchange Logs
LOG MESSAGE
DESCRIPTION
Cannot find outbound SA for rule <#d>
The packet matches the rule index number (#d), but
Phase 1 or Phase 2 negotiation for outbound (from the
VPN initiator) traffic is not finished yet.
Send Main Mode request to <IP>
Send Aggressive Mode request to <IP>
Send Aggressive Mode request to <IP>
The ZyXEL Device has started negotiation with the peer.
Recv Main Mode request from <IP>
Recv Aggressive Mode request from <IP>
Recv Aggressive Mode request from <IP>
The ZyXEL Device has received an IKE negotiation
request from the peer.
Send:<Symbol><Symbol>
Recv:<Symbol><Symbol>
Recv:<Symbol><Symbol>
IKE uses the ISAKMP protocol (refer to RFC2408 -
ISAKMP) to transmit data. Each ISAKMP packet contains
payloads of different types that show in the log - see
.
Phase 1 IKE SA process done
Phase 1 negotiation is finished.
Start Phase 2: Quick Mode
Phase 2 negotiation is beginning using Quick Mode.
!! IKE Negotiation is in process
The ZyXEL Device has begun negotiation with the peer for
the connection already, but the IKE key exchange has not
finished yet.
!! Duplicate requests with the same
cookie
The ZyXEL Device has received multiple requests from
the same peer but it is still processing the first IKE packet
from that peer.