Given the screen configuration shown, the failure’s probable cause is:
A.
Packet 1 proposes either a subnet or host ID, an encryption and hash algorithm, and ID data.
B.
Packet 1 Proposes SA life Type , Sa Life Duration, Authentication and Encapsulation
Algorithm.
C.
Packet 1 proposes a symmetrical key.
D.
Packet 1 proposes a subnet and host ID, an encryption and hash algorithm.
In IkeView under the IP address of the peer, expand Quick Mode packet 1:
> “P2 Quick Mode ==>” for outgoing or “P2 Quick Mode QM Packet 1
> Security Association
> prop1 PROTO_IPSEC_ESP
> tran1 ESP_AES (for an AES encrypted tunnel)
You should be able to see the SA life Type, Duration, Authentication Alg, Encapsulation Mode and Key length.
If your encryption fails here, it is one of the above Phase II settings that needs to be looked at.
There are two ID fields in a QM packet. Under
> QM Packet 1
> ID
You should be able to see the initiators VPN Domain configuration including the type (ID_IPV4_ADDR_SUBNET) and data (ID Data field).
Under the second ID field you should be able to see the peers VPN Domain configuration.
Packet 2 from the responder agrees to its own subnet or host ID, encryption and hash algorithm.