1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. SRX5308
    5. /
  5. 88
Page 436 / 469 Scroll up to view Page 431 - 435
System Logs and Error Messages
436
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
This section describes the logs generated when the WAN mode is set to auto-rollover.
PPP Logs
This section describes the WAN PPP connection logs. The PPP type can be configured from
the web management interface (see
Manually Configure an IPv4 Internet Connection
on
page
34).
Table 117.
System logs: WAN status, auto-rollover
Message
Nov 17 09:59:09 [SRX5308] [wand] [LBFO] WAN1 Test Failed 1 of 3 times_
Nov 17 09:59:39 [SRX5308] [wand] [LBFO] WAN1 Test Failed 2 of 3 times_
Nov 17 10:00:09 [SRX5308] [wand] [LBFO] WAN1 Test Failed 3 of 3 times_
Nov 17 10:01:01 [SRX5308] [wand] [LBFO] WAN1 Test Failed 4 of 3 times_
Nov 17 10:01:35 [SRX5308] [wand] [LBFO] WAN1 Test Failed 5 of 3 times_
Nov 17 10:01:35 [SRX5308] [wand] [LBFO] WAN1(DOWN), WAN2(UP),
ACTIVE(WAN2)_
Nov 17 10:02:25 [SRX5308] [wand] [LBFO] WAN1 Test Failed 6 of 3 times_
Nov 17 10:02:25 [SRX5308] [wand] [LBFO] Restarting WAN1_
Nov 17 10:02:57 [SRX5308] [wand] [LBFO] WAN1 Test Failed 7 of 3 times_
Nov 17 10:03:27 [SRX5308] [wand] [LBFO] WAN1 Test Failed 8 of 3 times_
Nov 17 10:03:57 [SRX5308] [wand] [LBFO] WAN1 Test Failed 9 of 3 times_
Nov 17 10:03:57 [SRX5308] [wand] [LBFO] Restarting WAN1_
Explanation
The logs suggest that the failover was detected after 5 attempts instead of 3.
However, the reason that the messages appear in the log is because of the WAN
state transition logic, which is part of the failover algorithm. These logs can be
interpreted as follows:
The primary link failure is correctly detected after the 3rd attempt. Thereafter, the
algorithm attempts to restart the WAN connection and checks once again to
determine if WAN1 is still down. This results in the 4th failure detection message. If
it is still down, then it starts a secondary link, and once the secondary link is up, the
secondary link is marked as active. Meanwhile, the primary link has failed once
more, and that results in the 5th failure detection message. Note that the 5th failure
detection message and the message suggesting that the secondary link is active
have the same time stamp, and so they happen in the same algorithm
state–machine cycle. So although it appears that the failover did not happen
immediately after 3 failures, internally, the failover process is triggered after the 3rd
failure, and transition to the secondary link is completed by the 5th failure. The
primary link is also restarted every 3 failures till it is functional again. In these logs,
the primary link was restarted after the 6th failure, that is, 3 failures after the failover
process was triggered.
Recommended action
Check the WAN settings and WAN failure detection method configured for the
primary link.
Page 437 / 469
System Logs and Error Messages
437
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
PPPoE Idle Timeout Logs
PPTP Idle Timeout Logs
Table 118.
System logs: WAN status, PPPoE idle time-out
Message
Nov 29 13:12:46 [SRX5308] [pppd] Starting connection
Nov 29 13:12:49 [SRX5308] [pppd] Remote message: Success
Nov 29 13:12:49 [SRX5308] [pppd] PAP authentication succeeded
Nov 29 13:12:49 [SRX5308] [pppd] local IP address 50.0.0.62
Nov 29 13:12:49 [SRX5308] [pppd] remote IP address 50.0.0.1
Nov 29 13:12:49 [SRX5308] [pppd] primary DNS address 202.153.32.3
Nov 29 13:12:49 [SRX5308] [pppd] secondary DNS address 202.153.32.3
Nov 29 11:29:26 [SRX5308] [pppd] Terminating connection due to lack of
activity.
Nov 29 11:29:28 [SRX5308] [pppd] Connect time 8.2 minutes.
Nov 29 11:29:28 [SRX5308] [pppd] Sent 1408 bytes, received 0 bytes.
Nov 29 11:29:29 [SRX5308] [pppd] Connection terminated.
Explanation
Message 1: PPPoE connection started.
Message 2: Message from PPPoE server for correct login.
Message 3: Authentication for PPP succeeded.
Message 4: Local IP address assigned by the server.
Message 5: Server side IP address.
Message 6: The primary DNS server that is configured on the WAN ISP
Settings screen.
Message 7: The secondary DNS server that is configured on the WAN ISP
Settings screen.
Message 8: The PPP link has transitioned to idle mode. This event occurs
if there is no traffic from the LAN network.
Message 9: The time in minutes for which the link has been up.
Message 10: Data sent and received at the LAN side while the link was up.
Message 11: PPP connection terminated after idle time-out.
Recommended action
To reconnect during idle mode, initiate traffic from the LAN side.
Table 119.
System logs: WAN status, PPTP idle time-out
Message
Nov 29 11:19:02 [SRX5308] [pppd] Starting connection
Nov 29 11:19:05 [SRX5308] [pppd] CHAP authentication succeeded
Nov 29 11:19:05 [SRX5308] [pppd] local IP address 192.168.200.214
Nov 29 11:19:05 [SRX5308] [pppd] remote IP address 192.168.200.1
Nov 29 11:19:05 [SRX5308] [pppd] primary DNS address 202.153.32.2
Nov 29 11:19:05 [SRX5308] [pppd] secondary DNS address 202.153.32.2
Nov 29 11:20:45 [SRX5308] [pppd] No response to 10 echo-requests
Nov 29 11:20:45 [SRX5308] [pppd] Serial link appears to be disconnected.
Nov 29 11:20:45 [SRX5308] [pppd] Connect time 1.7 minutes.
Nov 29 11:20:45 [SRX5308] [pppd] Sent 520 bytes, received 80 bytes.
Nov 29 11:20:51 [SRX5308] [pppd] Connection terminated.
Page 438 / 469
System Logs and Error Messages
438
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
PPP Authentication Logs
Resolved DNS Names
This section describes the logs of DNS name resolution messages.
Explanation
Message 1: Starting PPP connection process.
Message 2: Message from the server for authentication success.
Message 3: Local IP address assigned by the server.
Message 4: Server side IP address.
Message 6: The primary DNS server that is configured on the WAN ISP
Settings screen.
Message 7: The secondary DNS server that is configured on the WAN ISP
Settings screen.
Message 7: Sensing idle link.
Message 8: Idle link sensed.
Message 9: Data sent and received at the LAN side while the link was up.
Message 10: PPP connection terminated after idle time-out.
Recommended action
To reconnect during idle mode, initiate traffic from the LAN side.
Table 120.
System logs: WAN status, PPP authentication
Message
Nov 29 11:29:26 [SRX5308] [pppd] Starting link
Nov 29 11:29:29 [SRX5308] [pppd] Remote message: Login incorrect
Nov 29 11:29:29 [SRX5308] [pppd] PAP authentication failed
Nov 29 11:29:29 [SRX5308] [pppd] Connection
terminated.WAN2(DOWN)_
Explanation
Starting link: Starting PPPoE connection process.
Remote message: Login incorrect: Message from PPPoE server for
incorrect login.
PAP authentication failed: PPP authentication failed due to incorrect login.
Connection terminated: PPP connection terminated.
Recommended action
If authentication fails, then check the login/password and enter the correct
one.
Table 121.
System logs: DNS name resolution messages
Message
2000 Jan 1 05:12:00 [SRX5308] [dnsmasq] [DNSRESOLV]:teamf1.com from
192.168.11.2
Explanation
This log is generated when the DNS name (that is, teamf1) is resolved.
Recommended action
None
Table 119.
System logs: WAN status, PPTP idle time-out (continued)
Page 439 / 469
System Logs and Error Messages
439
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
VPN Log Messages
This section explains logs that are generated by IPSec VPN and SSL VPN policies. These
logs are generated automatically and do not need to be enabled.
IPSec VPN Logs
This section describes the log messages generated by IPSec VPN policies.
Note:
The same IPSec VPN log messages can appear in the logs that are
accessible when you select the
VPN
check box on the Firewall Logs
& E-mail screen (see
Configure Logging, Alerts, and Event
Notifications
on page
362) and in the logs on the IPSec VPN Logs
screen (see
View the VPN Logs
on page
380).
Table 122.
System logs: IPSec VPN tunnel, tunnel establishment
Messages 1 through 5
Messages 6 and 7
Messages 8 through 19
Messages 20 and 21
2000 Jan 1 04:01:39 [SRX5308] [wand] [IPSEC] IPSEC Restarted
2000 Jan 1 04:02:09 [SRX5308] [wand] [FW] Firewall Restarted
2000 Jan 1 04:02:29 [SRX5308] [IKE] IKE stopped_
2000 Jan 1 04:02:31 [SRX5308] [IKE] IKE started_
2000 Jan 1 04:02:31 [SRX5308] [wand] [IPSEC] IPSEC Restarted
2000 Jan 1 04:07:04 [SRX5308] [IKE] Adding IPSec configuration with identifier
"pol1"_
2000 Jan 1 04:07:04 [SRX5308] [IKE] Adding IKE configuration with identifier
"pol1"_
2000 Jan 1 04:13:39 [SRX5308] [IKE] Configuration found for 20.0.0.1[500]._
2000 Jan 1 04:13:39 [SRX5308] [IKE] Received request for new phase 1
negotiation: 20.0.0.2[500]<=>20.0.0.1[500]_
2000 Jan 1 04:13:39 [SRX5308] [IKE] Beginning Identity Protection mode._
2000 Jan 1 04:13:39 [SRX5308] [IKE] Received Vendor ID: RFC XXXX_
2000 Jan 1 04:13:39 [SRX5308] [IKE] Received Vendor ID: DPD_
2000 Jan 1 04:13:39 [SRX5308] [IKE] DPD is Enabled_
2000 Jan 1 04:13:39 [SRX5308] [IKE] For 20.0.0.1[500], Selected NAT-T version:
RFC XXXX_
2000 Jan 1 04:13:39 [SRX5308] [IKE] Setting DPD Vendor ID_
2000 Jan 1 04:13:39 [SRX5308] [IKE] Received Vendor ID: KAME/racoon_
2000 Jan 1 04:13:39 [SRX5308] [IKE] NAT-D payload matches for 20.0.0.2[500]_
2000 Jan 1 04:13:39 [SRX5308] [IKE] NAT-D payload matches for 20.0.0.1[500]_
2000 Jan 1 04:13:39 [SRX5308] [IKE] NAT not detected _
2000 Jan 1 04:13:39 [SRX5308] [IKE] ISAKMP-SA established for
20.0.0.2[500]-20.0.0.1[500] with spi:c56f7a1d42baf28a:68fcf85e3c148bd8_
2000 Jan 1 04:13:39 [SRX5308] [IKE] Sending Informational Exchange: notify
payload[INITIAL-CONTACT]_
Page 440 / 469
System Logs and Error Messages
440
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Messages 22 and 23
Messages 24 and 25
2000 Jan 1 04:13:40 [SRX5308] [IKE] Responding to new phase 2 negotiation:
20.0.0.2[0]<=>20.0.0.1[0]_
2000 Jan 1 04:13:40 [SRX5308] [IKE] Using IPSec SA configuration:
192.168.11.0/24<->192.168.10.0/24_
2000 Jan 1 04:13:41 [SRX5308] [IKE] IPSec-SA established: ESP/Tunnel
20.0.0.1->20.0.0.2 with spi=34046092(0x207808c)_
2000 Jan 1 04:13:41 [SRX5308] [IKE] IPSec-SA established: ESP/Tunnel
20.0.0.2->20.0.0.1 with spi=87179451(0x53240bb)_
Explanation
Message 1–5: IPSec, IKE, and VPN firewall restart.
Message 6–7: IPSec and IKE configurations are added with the identifier “pol1.”
Message 8–19: New phase 1 negotiation starts by determining the configuration for
the WAN host. Dead Peer Detection (DPD) is enabled and set. NAT payload
matching and NAT detection are done.
Message 20–21: ISAKMP-SA is established between the 2 WANs and information
is exchanged.
Message 22–23: New phase 2 negotiation starts by using IPSec SA configuration
pertaining to the LAN hosts.
Message 24–25: IPSec-SA VPN tunnel is established.
Recommended action
None
Table 123.
System logs: IPSec VPN tunnel, SA lifetime (150 sec in phase 1;
300 sec in phase 2), VPN tunnel is reestablished
Message 1
Messages 2 through 6
Message 7
Messages 8 through 11
2000 Jan 1 04:32:25 [SRX5308] [IKE] Sending Informational Exchange: delete
payload[]_
2000 Jan 1 04:32:25 [SRX5308] [IKE] purged IPSec-SA proto_id=ESP spi=
181708762._
2000 Jan 1 04:32:25 [SRX5308] [IKE] purged IPSec-SA proto_id=ESP spi=
153677140._
2000 Jan 1 04:32:25 [SRX5308] [IKE] an undead schedule has been deleted:
'pk_recvupdate'._
2000 Jan 1 04:32:25 [SRX5308] [IKE] IPSec configuration with identifier "pol1"
deleted successfully_
2000 Jan 1 04:32:25 [SRX5308] [IKE] no phase 2 bounded._
2000 Jan 1 04:32:25 [SRX5308] [IKE] Sending Informational Exchange: delete
payload[]_
2000 Jan 1 04:32:25 [SRX5308] [IKE] Purged ISAKMP-SA with spi=
d67f2be9ca0cb241:8a094623c6811286._
2000 Jan 1 04:32:25 [SRX5308] [IKE] an undead schedule has been deleted:
'purge_remote'._
2000 Jan 1 04:32:25 [SRX5308] [IKE] IKE configuration with identifier "pol1"
deleted successfully_
2000 Jan 1 04:32:25 [SRX5308] [IKE] Could not find configuration for
20.0.0.1[500]_
Table 122.
System logs: IPSec VPN tunnel, tunnel establishment (continued)

Rate

3.5 / 5 based on 2 votes.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top