What Does the Log Viewer Message 'inbound packet failed authentication' Mean? (KB ID: KB5692)
| Article ID: | KB5692 |
|---|---|
| Former Article ID: | nskb301 |
| Published: | Jul 31, 2007 |
| Last Modified: | Jul 31, 2007 |
| Visible By: | Employee, PTAC, Partner, Customer, Public |
Back to Previous Page | Knowledge Base Home
Article URL
Synopsis
What Does the Log Viewer Message 'inbound packet failed authentication' Mean?
Problem
Environment:
- NetScreen configured with Dial Up VPN
- VPN Monitor enabled on NetScreen
- Pre-shared IKE VPN
Symptoms & Errors:
- Log Viewer Message: inbound packet failed authentication
Solution
An inbound packet failed authentication message occurs in the Log Viewer when there is a NetScreen device to a non-NetScreen device VPN or a NetScreen-Remote VPN to a NetScreen device configured with VPN Monitor.
In ScreenOS 4.0.0, a NetScreen VPN Monitor heartbeat message will be understood by NetScreen-Remote; provided the NetScreen-Remote client does not reside behind a NAT device. This is because the VPN Monitor is not supported with NAT traversal.
To enable VPN Monitor interoperability with NetScreen-Remote or any non-NetScreen device, perform the following steps:
Open the CLI. For more information on how to open the CLI, go to Accessing the Command Line Interface Using Telnet.
Enter:
In this example, e1 represents the trust interface that the NetScreen-Remote is connecting to. This is important for Global Pro, as it will now be able to track VPN uptime with Report Manager.
In ScreenOS 3.1.0 and below, the NetScreen device will send a VPN Monitor heartbeat packet to NetScreen-Remote. However, the NetScreen-Remote is unable to interpret the packet. Disabling the VPN Monitor on the NetScreen will eliminate these messages.
Category Description
By Product » Software » Network Operating Systems » ScreenOS Software
By Network Technology » IP Protocols » Tunneling Protocols » IPSec
By Network Technology » Non-IP Protocols » Security » Authentication
Purpose
Troubleshooting