These log messages refer to the IKE category.
2.23.1. [ID: 1694] Acquired address
- Log Categories
- IKE,IPSEC
- Log Message
- Acquired address.
- Default Log Severity
- Information
- Parameters
- ip, iface
- Explanation
- An internal address for the IPsec tunnel was succcessfully acquired from an IP pool.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.2. [ID: 1695] No IP pool for address request
- Log Categories
- IKE,IPSEC
- Log Message
- No IP pool for address request.
- Default Log Severity
- Information
- Parameters
- name, count, iface
- Explanation
- A suitable IP pool for aquiring an internal address for the IPsec tunnel was not found.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.3. [ID: 1713] Failed to release address
- Log Categories
- IKE,IPSEC
- Log Message
- Failed to release address.
- Default Log Severity
- Error
- Parameters
- ip, iface
- Explanation
- An internal address for the IPsec tunnel could not be returned back to the IP pool it was acquired from.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.4. [ID: 1691] Released address
- Log Categories
- IKE,IPSEC
- Log Message
- Released address.
- Default Log Severity
- Information
- Parameters
- ip, iface
- Explanation
- An internal address for the IPsec tunnel was returned back to the IPPool it was acquired from.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.5. [ID: 1690] Released address
- Log Categories
- IKE,IPSEC
- Log Message
- Released address.
- Default Log Severity
- Information
- Parameters
- ip, name
- Explanation
- An internal address for the IPsec tunnel was returned back to the IP pool it was acquired from.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.6. [ID: 1693] Requesting address
- Log Categories
- IKE,IPSEC
- Log Message
- Requesting address.
- Default Log Severity
- Information
- Parameters
- ip, iface
- Explanation
- The system is requesting an internal address for the IPsec tunnel from an IP pool.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.7. [ID: 1692] Address request failed
- Log Categories
- IKE,IPSEC
- Log Message
- Address request failed.
- Default Log Severity
- Warning
- Parameters
- ip, iface
- Explanation
- The system failed to acquire an internal address for the IPsec tunnel from an IP pool.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Refer to IP pool related logs and statistics for more information.
2.23.8. [ID: 1700] Failed to schedule auto-establishment of[...]
- Log Categories
- IKE,IPSEC
- Log Message
- Failed to schedule auto-establishment of IPsec tunnels.
- Default Log Severity
- Error
- Parameters
- reason
- Explanation
- The system failed to start IKE negotiations for IPsec tunnels configured for auto-establishment.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.9. [ID: 1061] Half open IKE SA limit exceeded
- Log Categories
- IKE
- Log Message
- Half open IKE SA limit exceeded.
- Default Log Severity
- Notice
- Parameters
- localip, localport, remoteip, remoteport, max
- Explanation
- The system has too many ongoing IKE negotiations. The limit can be adjusted with IKESettings:MaxNegotiations.
- Gateway Action
- Drop
- Action Description
- The IKE negotiation will be dropped
- Proposed Action
- None
2.23.10. [ID: 813] IKE Max SA Warning
- Log Categories
- IKE
- Log Message
- IKE Max SA Warning.
- Default Log Severity
- Warning
- Parameters
-
- Explanation
- Incoming IKE requests exceeded 90 percent of the allowed number of concurrent IKE SAs (license limitation).
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Add more hardware devices or extend your license to support more IKE SAs to secure that all incoming IKE requests can be properly
established.
2.23.11. [ID: 642] IKE negotiation failed
- Log Categories
- IKE,IPSEC
- Log Message
- IKE negotiation failed.
- Default Log Severity
- Notice
- Parameters
- localip, localport, remoteip, remoteport, localid, remoteid, localikespi, remoteikespi, initiator, algorithms, rekeytime,
reauthtime, ikeversion, reason, iface, recviface
- Explanation
- An IKE negotiation failed due to the reason specified. The IKE SA may be deleted as a result but that will be logged in another
log event.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Verify that the configuration on both peers are correct.
2.23.12. [ID: 419] Failed to establish IKE SA
- Log Categories
- IKE,IPSEC
- Log Message
- Failed to establish IKE SA.
- Default Log Severity
- Warning
- Parameters
- localip, localport, remoteip, remoteport, localid, remoteid, localikespi, remoteikespi, initiator, algorithms, rekeytime,
reauthtime, ikeversion, reason, iface, recviface
- Explanation
- An IKE SA could not be established between the two endpoints.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Verify the configuration of algorithms and authentication material on each endpoint.
2.23.13. [ID: 530] Successfully established IKE SA
- Log Categories
- IKE,IPSEC
- Log Message
- Successfully established IKE SA.
- Default Log Severity
- Notice
- Parameters
- localip, localport, remoteip, remoteport, localid, remoteid, localikespi, remoteikespi, initiator, algorithms, rekeytime,
reauthtime, ikeversion, iface, recviface
- Explanation
- An IKE SA was successfully established between the two endpoints.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.14. [ID: 590] Successfully deleted IKE SA
- Log Categories
- IKE,IPSEC
- Log Message
- Successfully deleted IKE SA.
- Default Log Severity
- Notice
- Parameters
- localip, localport, remoteip, remoteport, localid, remoteid, localikespi, remoteikespi, initiator, algorithms, rekeytime,
reauthtime, ikeversion, iface, recviface
- Explanation
- The IKE SA was successfully removed from the system.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.15. [ID: 161] Failed to rekey IKE SA
- Log Categories
- IKE,IPSEC
- Log Message
- Failed to rekey IKE SA.
- Default Log Severity
- Warning
- Parameters
- localip, localport, remoteip, remoteport, localid, remoteid, localikespi, remoteikespi, initiator, algorithms, rekeytime,
reauthtime, ikeversion, reason, iface, recviface
- Explanation
- Failed to derive a new IKE SA from an existing IKE SA.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Verify that each endpoint is able to perform rekey and that both use the same policy for Perfect Forward Secrecy (PFS).
2.23.16. [ID: 616] Successfully rekeyed IKE SA
- Log Categories
- IKE,IPSEC
- Log Message
- Successfully rekeyed IKE SA.
- Default Log Severity
- Notice
- Parameters
- localip, localport, remoteip, remoteport, localid, remoteid, localikespi, remoteikespi, oldlocalikespi, oldremoteikespi, initiator,
algorithms, rekeytime, reauthtime, ikeversion, iface, recviface
- Explanation
- A new IKE SA was successfully derived from an existing IKE SA.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.17. [ID: 556] Failed to create IPsec SA
- Log Categories
- IKE,IPSEC
- Log Message
- Failed to create IPsec SA.
- Default Log Severity
- Warning
- Parameters
- localip, remoteip, inboundspi, outboundspi, proto, localts, remotets, lifetime, localikespi, remoteikespi, algorithms, initiator,
reason, iface, recviface
- Explanation
- Failed to establish an IPsec SA between the two endpoints. The IPsec tunnel cannot be established.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Verify the configuration of the IPsec proposals and traffic selectors on both endpoints.
2.23.18. [ID: 155] Successfully created IPsec SA
- Log Categories
- IKE,IPSEC
- Log Message
- Successfully created IPsec SA.
- Default Log Severity
- Notice
- Parameters
- localip, remoteip, inboundspi, outboundspi, proto, localts, remotets, lifetime, localikespi, remoteikespi, algorithms, initiator,
iface, recviface
- Explanation
- An IPsec SA was successfully established between the two endpoints.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.19. [ID: 183] Successfully deleted IPsec SA
- Log Categories
- IKE,IPSEC
- Log Message
- Successfully deleted IPsec SA.
- Default Log Severity
- Notice
- Parameters
- localip, remoteip, inboundspi, outboundspi, proto, localts, remotets, lifetime, localikespi, remoteikespi, algorithms, initiator,
iface, recviface
- Explanation
- The IPsec SA was successfully removed from the system.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.20. [ID: 172] Failed to rekey IPsec SA
- Log Categories
- IKE,IPSEC
- Log Message
- Failed to rekey IPsec SA.
- Default Log Severity
- Notice
- Parameters
- localip, remoteip, inboundspi, outboundspi, proto, localts, remotets, lifetime, localikespi, remoteikespi, algorithms, initiator,
reason, iface, recviface
- Explanation
- Failed to derive a new IPsec SA. The IPsec tunnel will be torn down when the lifetime of the current IPsec SA expires.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.21. [ID: 628] Successfully rekeyed IPsec SA
- Log Categories
- IKE,IPSEC
- Log Message
- Successfully rekeyed IPsec SA.
- Default Log Severity
- Information
- Parameters
- localip, remoteip, inboundspi, outboundspi, oldinboundspi, oldoutboundspi, proto, localts, remotets, lifetime, localikespi,
remoteikespi, algorithms, initiator, iface, recviface
- Explanation
- Successfully derived a new IPsec SA.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.22. [ID: 1060] Job limit exceeded
- Log Categories
- IKE
- Log Message
- Job limit exceeded.
- Default Log Severity
- Warning
- Parameters
- localip, localport, remoteip, remoteport, max
- Explanation
- The IKE subsystem is currently overloaded. It could also be a sign that IKESettings:MaxJobs is set too low.
- Gateway Action
- Drop
- Action Description
- The IKE negotiation will be dropped
- Proposed Action
- None
2.23.23. [ID: 803] Peer is dead
- Log Categories
- IKE
- Log Message
- Peer is dead.
- Default Log Severity
- Notice
- Parameters
- localip, localport, remoteip, remoteport, localid, remoteid, localikespi, remoteikespi, initiator, ikeversion, iface, recviface
- Explanation
- The peer didn't respond to DPD. The IKE SA and its child SAs will be deleted.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.23.24. [ID: 1059] Peer too aggressive
- Log Categories
- IKE
- Log Message
- Peer too aggressive.
- Default Log Severity
- Notice
- Parameters
- localip, localport, remoteip, remoteport, max
- Explanation
- The peer has too many ongoing IKE negotiations. The limit can be adjusted with IKESettings:MaxPeerNegotiations.
- Gateway Action
- Drop
- Action Description
- The IKE negotiation will be dropped
- Proposed Action
- None
2.23.25. [ID: 1655] Failed to re-initialize dynamic rules
- Log Categories
- IKE,RULE
- Log Message
- Failed to re-initialize dynamic rules.
- Default Log Severity
- Critical
- Parameters
-
- Explanation
- The system failed to re-initialize dynamic rules to recover from an unexpected event. This may result in reduced functionality.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- The device might need to be manually restarted to get full functionality. This should be reported to the vendor of the device.
2.23.26. [ID: 1664] Failed to re-insert IKE rule
- Log Categories
- IKE
- Log Message
- Failed to re-insert IKE rule.
- Default Log Severity
- Error
- Parameters
- srcip, srcport, destip, destport
- Explanation
- The system failed to re-insert a dynamic rule to recover from an unexpected event. This may result in reduced functionality.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- The device might need to be manually restarted to get full functionality. This should be reported to the vendor of the device.
2.23.27. [ID: 770] IKE thread watchdog triggered
- Log Categories
- IKE
- Log Message
- IKE thread watchdog triggered. Was not able to process jobs for 30s. IKE daemon will be restarted.
- Default Log Severity
- Alert
- Parameters
-
- Explanation
- IKE daemon was not able to process tasks for 30s. IKE daemon will be restarted. All IKE negotiated IPsec tunnels will be taken
down.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Check for any new crashdumps and report the incident via your support channel.
2.23.28. [ID: 737] User logged out
- Log Categories
- IKE
- Log Message
- User logged out.
- Default Log Severity
- Notice
- Parameters
- userid, localikespi, remoteikespi
- Explanation
- User was logged out by the authentication system. Tunnels belonging to the user will be taken down.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
cOS Stream 4.00.03 Log Reference Guide
