Understanding VPN-related logs

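This section provides sample IPsec event logs, ordered by stage of tunnel establishment: phase 1 negotiation, phase 1 tunnel up, phase 2 negotiation, phase 2 up, and IPsec SA installation. Each sample is a single log record that begins with logid=; a record may wrap onto the following lines. When reviewing these events, the fields that identify the peer and the outcome are remip, vpntunnel, action, status and result.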

IPsec phase 1 negotiating (stage=1, result="OK"; the second cookie value is still all zeros)
logid="0101037127" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132571 logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=11.101.1.1
locip=173.1.1.1 remport=500 locport=500 outintf="port13" cookies="e41eeecb2c92b337/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="to_HQ" status="success" init="local" mode="aggressive" dir="outbound" stage=1 role="initiator" result="OK"
IPsec phase 1 negotiated (stage=2, result="DONE"; both cookie values are set)
logid="0101037127" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132571 logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=11.101.1.1
locip=173.1.1.1 remport=500 locport=500 outintf="port13" cookies="e41eeecb2c92b337/1230131a28eb4e73" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="to_HQ" status="success" init="local"
mode="aggressive" dir="outbound" stage=2 role="initiator" result="DONE"
IPsec phase 1 tunnel up
logid="0101037138" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132604 logdesc="IPsec connection status changed" msg="IPsec connection status change" action="tunnel-up" remip=11.101.1.1 locip=173.1.1.1 remport=500 locport=500 outintf="port13" cookies="5b1c59fab2029e43/bf517e686d3943d2" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=11.11.11.1 vpntunnel="to_HQ" tunnelip=N/A tunnelid=1530910918 tunneltype="ipsec" duration=0 sentbyte=0 rcvdbyte=0 nextstat=0
IPsec phase 2 negotiate
logid="0101037129" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132604 logdesc="Progress IPsec phase 2" msg="progress IPsec phase 2" action="negotiate" remip=11.101.1.1
locip=173.1.1.1 remport=500 locport=500 outintf="port13" cookies="5b1c59fab2029e43/bf517e686d3943d2" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=11.11.11.1 vpntunnel="to_HQ" status="success" init="local"
mode="quick" dir="outbound" stage=1 role="initiator" result="OK"
IPsec phase 2 tunnel up
logid="0101037139" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132604 logdesc="IPsec phase 2 status changed" msg="IPsec phase 2 status change" action="phase2-up"
remip=11.101.1.1 locip=173.1.1.1 remport=500 locport=500 outintf="port13" cookies="5b1c59fab2029e43/bf517e686d3943d2" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=11.11.11.1 vpntunnel="to_HQ"
phase2_name="to_HQ"
IPsec phase 2 SA install
logid="0101037133" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132604 logdesc="IPsec SA installed" msg="install IPsec SA" action="install_sa" remip=11.101.1.1 locip=173.1.1.1
remport=500 locport=500 outintf