Netgear SRX5308 SRX5308 Reference Manual - Page 350
Table C-18. System Logs: IPsec VPN Tunnel, SA lifetime 150 sec in phase 1; 300 sec
UPC - 606449065145
View all Netgear SRX5308 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 350 highlights
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table C-18. System Logs: IPsec VPN Tunnel, SA lifetime (150 sec in phase 1; 300 sec in phase 2), VPN Tunnel Not Reestablished Message 2000 Jan 1 04:52:33 [SRX5308] [IKE] Using IPsec SA configuration: 192.168.11.0/ 24192.168.10.0/24_ 2000 Jan 1 04:52:33 [SRX5308] [IKE] Configuration found for 20.0.0.1._ 2000 Jan 1 04:52:59 [SRX5308] [IKE] Phase 1 negotiation failed due to time up for 20.0.0.1[500]. b73efd188399b7f2:0000000000000000_ 2000 Jan 1 04:53:04 [SRX5308] [IKE] Phase 2 negotiation failed due to time up waiting for phase 1. ESP 20.0.0.1->20.0.0.2 _ 2000 Jan 1 04:53:05 [SRX5308] [IKE] Using IPsec SA configuration: 192.168.11.0/ 24192.168.10.0/24_ 2000 Jan 1 04:53:05 [SRX5308] [IKE] Configuration found for 20.0.0.1._ 2000 Jan 1 04:53:05 [SRX5308] [IKE] Initiating new phase 1 negotiation: 20.0.0.2[500]20.0.0.1[500]_ 2000 Jan 1 04:53:05 [SRX5308] [IKE] Beginning Identity Protection mode._ 2000 Jan 1 04:53:05 [SRX5308] [IKE] Setting DPD Vendor ID_ 2000 Jan 1 04:53:36 [SRX5308] [IKE] Phase 2 negotiation failed due to time up waiting for phase 1. ESP 20.0.0.1->20.0.0.2 _ Explanation Phase 1 and phase 2 negotiations failed because of a mismatch of the WAN IP address in the IPsec VPN policy and the WAN IP address of the remote host attempting to establish the IPsec VPN tunnel. Recommended Action None Table C-19. System Logs: IPsec VPN Tunnel, Dead Peer Detection and Keepalive (Default 30 sec) Messages 1 through 4 Message 5 Message 7 2000 Jan 1 04:13:39 [SRX5308] [IKE] Received request for new phase 1 negotiation: 20.0.0.2[500]20.0.0.1[500]_ 2000 Jan 1 04:13:39 [SRX5308] [IKE] Beginning Identity Protection mode._ 2000 Jan 1 04:13:39 [SRX5308] [IKE] Received Vendor ID: RFC XXXX_ 2000 Jan 1 04:13:39 [SRX5308] [IKE] Received Vendor ID: DPD_ 2000 Jan 1 04:13:39 [SRX5308] [IKE] DPD is Enabled_ 2000 Jan 1 04:13:39 [SRX5308] [IKE] For 20.0.0.1[500], Selected NAT-T version: RFC XXXX_ 2000 Jan 1 04:13:39 [SRX5308] [IKE] Setting DPD Vendor ID_ Explanation Message 1-4: After receiving a request for phase 1 negotiation, a Dead Peer Detection Vendor ID is received. Message 5: DPD is enabled. Message 7: The DPD vendor ID is set. Recommended Action None C-12 v1.0, April 2010 System Logs and Error Messages