System Logs and Error Messages
441
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Explanation
Message 1: Informational exchange for deleting the payload.
Message 2–6: The phase 2 configuration is purged, and the log confirms that no phase 2 is bound.
Message 7: Informational exchange for deleting the payload.
Message 8–11: Phase 1 configuration.
The VPN tunnel is reestablished.
Recommended action
None
Table 124. System logs: IPSec VPN tunnel, SA lifetime (150 sec in phase 1; 300 sec in phase 2), VPN tunnel not reestablished
Message
2000 Jan 1 04:52:33 [SRX5308] [IKE] Using IPSec SA configuration: 192.168.11.0/24<->192.168.10.0/24_
2000 Jan 1 04:52:33 [SRX5308] [IKE] Configuration found for 20.0.0.1._
2000 Jan 1 04:52:59 [SRX5308] [IKE] Phase 1 negotiation failed due to time up for 20.0.0.1[500]. b73efd188399b7f2:0000000000000000_
2000 Jan 1 04:53:04 [SRX5308] [IKE] Phase 2 negotiation failed due to time up waiting for phase 1. ESP 20.0.0.1->20.0.0.2 _
2000 Jan 1 04:53:05 [SRX5308] [IKE] Using IPSec SA configuration: 192.168.11.0/24<->192.168.10.0/24_
2000 Jan 1 04:53:05 [SRX5308] [IKE] Configuration found for 20.0.0.1._
2000 Jan 1 04:53:05 [SRX5308] [IKE] Initiating new phase 1 negotiation: 20.0.0.2[500]<=>20.0.0.1[500]_
2000 Jan 1 04:53:05 [SRX5308] [IKE] Beginning Identity Protection mode._
2000 Jan 1 04:53:05 [SRX5308] [IKE] Setting DPD Vendor ID_
2000 Jan 1 04:53:36 [SRX5308] [IKE] Phase 2 negotiation failed due to time up waiting for phase 1. ESP 20.0.0.1->20.0.0.2 _
Explanation
Phase 1 and phase 2 negotiations failed because of a mismatch of the WAN IP
address in the IPSec VPN policy and the WAN IP address of the remote host
attempting to establish the IPSec VPN tunnel.
Recommended action
None
Table 125. System logs: IPSec VPN tunnel, Dead Peer Detection and keep-alive (default 30 sec)
Messages 1 through 4:
2000 Jan 1 04:13:39 [SRX5308] [IKE] Received request for new phase 1 negotiation: 20.0.0.2[500]<=>20.0.0.1[500]_
2000 Jan 1 04:13:39 [SRX5308] [IKE] Beginning Identity Protection mode._
2000 Jan 1 04:13:39 [SRX5308] [IKE] Received Vendor ID: RFC XXXX_
2000 Jan 1 04:13:39 [SRX5308] [IKE] Received Vendor ID: DPD_
Message 5:
2000 Jan 1 04:13:39 [SRX5308] [IKE] DPD is Enabled_
Message 6:
2000 Jan 1 04:13:39 [SRX5308] [IKE] For 20.0.0.1[500], Selected NAT-T version: RFC XXXX_
Message 7:
2000 Jan 1 04:13:39 [SRX5308] [IKE] Setting DPD Vendor ID_
Table 123. System logs: IPSec VPN tunnel, SA lifetime (150 sec in phase 1; 300 sec in phase 2), VPN tunnel is reestablished (continued)
Explanation
Message 1–4: After receiving a request for phase 1 negotiation, a Dead Peer
Detection Vendor ID is received.
Message 5: DPD is enabled.
Message 7: The DPD vendor ID is set.
Recommended action
None
Table 126. System logs: IPSec VPN tunnel, Dead Peer Detection and keep-alive (default 30 sec), VPN tunnel torn down
Message 1:
2000 Jan 1 06:01:18 [SRX5308] [VPNKA] Keep alive to peer 192.168.10.2 failed 3 consecutive times and 5 times cumulative_
Message 2:
2000 Jan 1 06:01:19 [SRX5308] [IKE] DPD R-U-THERE sent to "20.0.0.1[500]"_
Message 3:
2000 Jan 1 06:01:19 [SRX5308] [IKE] DPD R-U-THERE-ACK received from "20.0.0.1[500]"_
Explanation
Message 1: When the remote host connection is removed and when there are
no packets from the remote host, the VPN firewall sends packets to keep the
remote host alive. As the connection itself is removed, keep-alive fails.
Message 2: The VPN firewall sends packets to check whether the peer is dead.
Message 3: The VPN firewall receives an acknowledgment that the peer is
dead. The connection is removed.
Recommended action
None
Table 127.
System logs: IPSec VPN tunnel, client policy, disconnection from the client side
Message
2000 Jan 1 02:34:45 [SRX5308] [IKE] Deleting generated policy for 20.0.0.1[0]_
2000 Jan 1 02:34:45 [SRX5308] [IKE] an undead schedule has been deleted: 'pk_recvupdate'._
2000 Jan 1 02:34:45 [SRX5308] [IKE] Purged IPSec-SA with proto_id=ESP and spi=3000608295(0xb2d9a627)._
2000 Jan 1 02:34:45 [SRX5308] [IKE] Purged IPSec-SA with proto_id=ESP and spi=248146076(0xeca689c)._
2000 Jan 1 02:34:45 [SRX5308] [IKE] Purged ISAKMP-SA with proto_id=ISAKMP and spi=da1f2efbf0635943:4eb6fae677b2e4f4._
2000 Jan 1 02:34:46 [SRX5308] [IKE] ISAKMP-SA deleted for 20.0.0.2[500]-20.0.0.1[500] with spi:da1f2efbf0635943:4eb6fae677b2e4f4_
Explanation
Phase 2 and phase 1 policies are deleted when the client is disconnected.
Recommended action
None
Table 125. System logs: IPSec VPN tunnel, Dead Peer Detection and keep-alive (default 30 sec) (continued)
SSL VPN Logs
This section describes the log messages that are generated by SSL VPN policies.
Table 128.
System logs: IPSec VPN tunnel, client policy behind a NAT device
Messages 1 and 2:
2000 Jan 1 01:54:21 [SRX5308] [IKE] Floating ports for NAT-T with peer 20.0.0.1[4500]_
2000 Jan 1 01:54:21 [SRX5308] [IKE] NAT-D payload matches for 20.0.0.2[4500]_
Message 3:
2000 Jan 1 01:54:21 [SRX5308] [IKE] NAT-D payload does not match for 20.0.0.1[4500]_
Messages 4 and 5:
2000 Jan 1 01:54:21 [SRX5308] [IKE] Ignore REPLAY-STATUS notification from 20.0.0.1[4500]._
2000 Jan 1 01:54:21 [SRX5308] [IKE] Ignore INITIAL-CONTACT notification from 20.0.0.1[4500] because it is only accepted after phase 1._
Message 6:
2000 Jan 1 01:54:21 [SRX5308] [IKE] NAT detected: Peer is behind a NAT device_
Explanation
These logs are generated when the remote WAN host is connected through a
device such as the VPN firewall. NAT is detected before phase 1 is established.
Message 3: NAT-D does not match the remote host.
Message 6: The VPN firewall confirms that the remote host or the peer is
behind a NAT device.
Recommended action
None
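The IPSec messages in Tables 124, 126 and 128 can be triaged automatically. The following is an added example, not part of the NETGEAR manual: a Python sketch that classifies those messages and lists peers showing the Table 124 pattern (phase 1 timeout followed by stalled phase 2), for which the WAN IP address in the IPSec VPN policy should be checked. The event names and function names are hypothetical, and the sample input is constructed from the messages above with wrapped lines rejoined.

```python
import re
from collections import defaultdict

# Constructed sample: messages from Tables 124, 126 and 128, wrapped lines rejoined.
SAMPLE_LOG = """\
2000 Jan 1 01:54:21 [SRX5308] [IKE] NAT detected: Peer is behind a NAT device_
2000 Jan 1 04:52:59 [SRX5308] [IKE] Phase 1 negotiation failed due to time up for 20.0.0.1[500]. b73efd188399b7f2:0000000000000000_
2000 Jan 1 04:53:04 [SRX5308] [IKE] Phase 2 negotiation failed due to time up waiting for phase 1. ESP 20.0.0.1->20.0.0.2 _
2000 Jan 1 04:53:05 [SRX5308] [IKE] Setting DPD Vendor ID_
2000 Jan 1 04:53:36 [SRX5308] [IKE] Phase 2 negotiation failed due to time up waiting for phase 1. ESP 20.0.0.1->20.0.0.2 _
2000 Jan 1 06:01:18 [SRX5308] [VPNKA] Keep alive to peer 192.168.10.2 failed 3 consecutive times and 5 times cumulative_
"""

# timestamp, [device], [component], message; the trailing "_" of each message is dropped.
LINE_RE = re.compile(r"^(\d{4} \w{3} +\d+ [\d:]{8}) \[(\w+)\] \[(\w+)\] (.*?)\s*_?$")

# (event, component, pattern). Assumption: the first address of the ESP pair is the peer.
RULES = [
    ("phase1_timeout", "IKE", re.compile(r"Phase 1 negotiation failed due to time up for ([\d.]+)\[")),
    ("phase2_waiting_phase1", "IKE", re.compile(r"Phase 2 negotiation failed due to time up waiting for phase 1\. ESP ([\d.]+)->")),
    ("keepalive_failed", "VPNKA", re.compile(r"Keep alive to peer ([\d.]+) failed")),
    ("nat_detected", "IKE", re.compile(r"NAT detected: Peer is behind a NAT device")),
]

def classify(log_text):
    """Return (timestamp, event, peer) for every line that matches a rule."""
    events = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, _device, component, msg = m.groups()
        for name, comp, pattern in RULES:
            hit = pattern.search(msg) if comp == component else None
            if hit:
                events.append((ts, name, hit.group(1) if hit.groups() else None))
                break
    return events

def peers_to_review(events):
    """Peers with both a phase 1 timeout and a phase 2 stall (the Table 124 pattern)."""
    seen = defaultdict(set)
    for _ts, name, peer in events:
        seen[peer].add(name)
    return sorted(p for p, names in seen.items()
                  if {"phase1_timeout", "phase2_waiting_phase1"} <= names)

if __name__ == "__main__":
    print(peers_to_review(classify(SAMPLE_LOG)))
```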
Table 129.
System logs: SSL VPN tunnel, WAN host and interface
Message
2000 Jan 1 03:44:55 [SRX5308] [sslvpntunnel]
id=SRX5308 time="2000-1-1 3:44:55" fw=20.0.0.2 pri=6 rule=access-policy proto="SSL VPN Tunnel" src=20.0.0.1 user=sai dst=20.0.0.2 arg="" op="" result="" rcvd="" msg="SSL VPN Tunnel"
Explanation
An SSL VPN tunnel is established for ID SRX5308 with the WAN host 20.0.0.1
through WAN interface 20.0.0.2 and logged in with the user name “sai.”
Recommended action
None
Table 130.
System logs: VPN log messages, port forwarding, WAN host and interface
Message
2000 Jan 1 01:30:08 [SRX5308] [portforwarding]
id=SRX5308 time="2000-1-1 1:30: 8" fw=20.0.0.2 pri=6 rule=access-policy proto="Port Forwarding" src=20.0.0.1 user=sai dst=20.0.0.2 arg="" op="" result="" rcvd="" msg="Port Forwarding"
Explanation
An SSL VPN tunnel through port forwarding is established for ID SRX5308 with the
WAN host 20.0.0.1 through WAN interface 20.0.0.2 and logged in with the user
name “sai.”
Recommended action
None
Traffic Meter Logs
Routing Logs
LAN to WAN Logs
LAN to DMZ Logs
DMZ to WAN Logs
WAN to LAN Logs
DMZ to LAN Logs
WAN to DMZ Logs
This section explains the logging messages for the various network segments (such as LAN to WAN) for debugging purposes. These logs might generate a significant volume of messages.
Table 131.
System logs: VPN log messages, port forwarding, LAN host and interface
Message
2000 Jan 1 01:35:41 [SRX5308] [portforwarding]
id=SRX5308 time="2000-1-1 1:35:41" fw=192.168.11.1 pri=6 rule=access-policy proto="Virtual Transport (Java)" src=192.168.11.2 user=sai dst=192.168.11.1 arg="" op="" result="" rcvd="" msg="Virtual Transport (Java)"
Explanation
An SSL VPN tunnel through port forwarding is established for ID SRX5308 from the
LAN host 192.168.11.2 with interface 192.168.11.1 and logged in with the user
name “sai.”
Recommended action
None
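The SSL VPN and port forwarding records in Tables 129 through 131 share one key=value layout, so a single parser can turn them into session rows for an access review. The following is an added example, not part of the NETGEAR manual: the function names are hypothetical, the sample records are constructed from the three messages above with the header and wrapped lines rejoined, and treating an RFC 1918 source address as a LAN-side client is an assumption.

```python
import ipaddress
import re
import shlex

# Constructed sample: the records from Tables 129, 130 and 131, rejoined onto one line each.
SAMPLE = [
    '2000 Jan 1 03:44:55 [SRX5308] [sslvpntunnel] id=SRX5308 time="2000-1-1 3:44:55" fw=20.0.0.2 pri=6 rule=access-policy proto="SSL VPN Tunnel" src=20.0.0.1 user=sai dst=20.0.0.2 arg="" op="" result="" rcvd="" msg="SSL VPN Tunnel"',
    '2000 Jan 1 01:30:08 [SRX5308] [portforwarding] id=SRX5308 time="2000-1-1 1:30: 8" fw=20.0.0.2 pri=6 rule=access-policy proto="Port Forwarding" src=20.0.0.1 user=sai dst=20.0.0.2 arg="" op="" result="" rcvd="" msg="Port Forwarding"',
    '2000 Jan 1 01:35:41 [SRX5308] [portforwarding] id=SRX5308 time="2000-1-1 1:35:41" fw=192.168.11.1 pri=6 rule=access-policy proto="Virtual Transport (Java)" src=192.168.11.2 user=sai dst=192.168.11.1 arg="" op="" result="" rcvd="" msg="Virtual Transport (Java)"',
]

RECORD_RE = re.compile(r"\[(\w+)\] \[(sslvpntunnel|portforwarding)\] (.*)$")

def parse_record(line):
    """Return (component, fields) for an SSL VPN record, or None for any other line."""
    m = RECORD_RE.search(line)
    if not m:
        return None
    # shlex keeps quoted values such as proto="SSL VPN Tunnel" together as one token.
    fields = dict(tok.partition("=")[::2] for tok in shlex.split(m.group(3)))
    return m.group(2), fields

def summarize(lines):
    """One row per session: who logged in, from where, through which interface."""
    rows = []
    for line in lines:
        parsed = parse_record(line)
        if parsed is None or "src" not in parsed[1]:
            continue
        component, f = parsed
        src = ipaddress.ip_address(f["src"])
        rows.append({
            "user": f.get("user", ""),
            "src": str(src),
            "interface": f.get("fw", ""),
            "service": f.get("proto", ""),
            "component": component,
            # Assumption: an RFC 1918 source address means a LAN-side client.
            "side": "LAN" if src.is_private else "WAN",
        })
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```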
Table 132.
System logs: traffic meter
Message
Jan 23 19:03:44 [TRAFFIC_METER] TRAFFIC_METER: Monthly Limit of 10 MB has reached for WAN1._
Explanation
The traffic limit for WAN1, which was set to 10 Mb, has been reached.
This stops all incoming and outgoing traffic if you selected the Block All Traffic radio button in the When Limit is Reached section on the WAN TrafficMeter screen.
Recommended action
To start the traffic, restart the traffic limit counter.
LAN to WAN Logs
LAN to DMZ Logs
DMZ to WAN Logs
WAN to LAN Logs
Table 133.
Routing logs: LAN to WAN
Message
Nov 29 09:19:43 [SRX5308] [kernel] LAN2WAN[ACCEPT] IN=LAN OUT=WAN SRC=192.168.10.10 DST=72.14.207.99 PROTO=ICMP TYPE=8 CODE=0
Explanation
This packet from LAN to WAN has been allowed by the firewall.
For other settings, see Table 106 on page 431.
Recommended action
None
Table 134.
Routing logs: LAN to DMZ
Message
Nov 29 09:44:06 [SRX5308] [kernel] LAN2DMZ[ACCEPT] IN=LAN OUT=DMZ SRC=192.168.10.10 DST=192.168.20.10 PROTO=ICMP TYPE=8 CODE=0
Explanation
This packet from LAN to DMZ has been allowed by the firewall.
For other settings, see Table 106 on page 431.
Recommended action
None
Table 135.
Routing logs: DMZ to WAN
Message
Nov 29 09:19:43 [SRX5308] [kernel] DMZ2WAN[DROP] IN=DMZ OUT=WAN SRC=192.168.20.10 DST=72.14.207.99 PROTO=ICMP TYPE=8 CODE=0
Explanation
This packet from DMZ to WAN has been dropped by the firewall.
For other settings, see Table 106 on page 431.
Recommended action
None
Table 136.
Routing logs: WAN to LAN
Message
Nov 29 10:05:15 [SRX5308] [kernel] WAN2LAN[ACCEPT] IN=WAN OUT=LAN SRC=192.168.1.214 DST=192.168.10.10 PROTO=ICMP TYPE=8 CODE=0
Explanation
This packet from WAN to LAN has been allowed by the firewall.
For other settings, see Table 106 on page 431.
Recommended action
None
