User's Manual
302 Appendix J Log descriptions
N0115791
Table 76 shows sample log messages during packet transmission.
Table 77 shows RFC-2408 ISAKMP payload types that the log displays. Refer to
the RFC for detailed information on each type.
Table 76 Sample IPSec logs during packet transmission
LOG MESSAGE DESCRIPTION
!! WAN IP changed to <IP>
If the BCM50a Integrated Router’s WAN IP
changes, all configured “My IP Addr” are
changed to “0.0.0.0”. If this field is configured as
0.0.0.0, the BCM50a Integrated Router uses the
current BCM50a Integrated Router WAN IP
address (static or dynamic) to set up the VPN
tunnel.
!! Cannot find IPSec SA
The BCM50a Integrated Router cannot find a
phase 2 SA that corresponds with the SPI of an
inbound packet (from the peer); the packet is
dropped.
!! Cannot find outbound SA for
rule <%d>
The packet matches the rule index number (#d),
but Phase 1 or Phase 2 negotiation for outbound
(from the VPN initiator) traffic is not finished yet.
!! Discard REPLAY packet
If the BCM50a Integrated Router receives a
packet with the wrong sequence number it
discards it.
!! Inbound packet authentication
failed
The authentication configuration settings are
incorrect. Check them.
!! Inbound packet decryption
failed
The decryption configuration settings are
incorrect. Check them.
Rule <#d> idle time out,
disconnect
If an SA has no packets transmitted for a period
of time (configurable via CI command), the
BCM50a Integrated Router drops the
connection.
Table 77 RFC-2408 ISAKMP payload types
Log Display Payload Type
SA Security Association
PROP Proposal
TRANS Transform
KE Key Exchange
ID Identification