user@R1> show log ike-trace
Jun 13 07:45:10 ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
Jun 13 07:45:10 ike_get_sa: Start, SA = { 7fd86fbe 8a99c1f6 - 00000000 00000000 } / 00000000, remote = 184.0.15.2:500
Jun 13 07:45:10 ike_sa_allocate: Start, SA = { 7fd86fbe 8a99c1f6 - a1bc3f1d e2a45308 }
Jun 13 07:45:10 ike_init_isakmp_sa: Start, remote = 184.0.15.2:500, initiator = 0
Jun 13 07:45:10 ike_decode_packet: Start
Jun 13 07:45:10 ike_decode_packet: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733} / 00000000, nego = -1
Jun 13 07:45:10 ike_decode_payload_sa: Start
Jun 13 07:45:10 ike_decode_payload_t: Start, # trans = 1
Jun 13 07:45:10 ike_decode_payload_t: Start, # trans = 1
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 …
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = 27bab5dc 01ea0760 …
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = 6105c422 e76847e4 …
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = 4485152d 18b6bbcd …
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = cd604643 35df21f8 …
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = 90cb8091 3ebb696e …
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = 7d9419a6 5310ca6f …
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = 4a131c81 07035845 …
Jun 13 07:45:10 ike_st_i_vid: VID[0..28] = 69936922 8741c6d4 …
Jun 13 07:45:10 ike_st_i_sa_proposal: Start
Jun 13 07:45:10 P1 SA payload match failed for sa-cfg to-R2. Aborting negotiation for tunnel type 2 local:184.0.15.1 remote:184.0.15.2 IKEv1.
Jun 13 07:45:10 iked_pm_ike_spd_select_ike_sa failed. rc 1, error_code: No proposal chosen
Jun 13 07:45:10 ikev2_fb_spd_select_sa_cb: IKEv2 SA select failed with error No proposal chosen (neg a7e800)
Jun 13 07:45:10 ike_isakmp_sa_reply: Start
Jun 13 07:45:10 ike_state_restart_packet: Start, restart packet SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = -1
Jun 13 07:45:10 ike_st_i_sa_proposal: Start
Jun 13 07:45:10 ike_st_i_cr: Start
Jun 13 07:45:10 ike_st_i_cert: Start
Jun 13 07:45:10 ike_st_i_private: Start
Jun 13 07:45:10 ike_st_o_sa_values: Start
Jun 13 07:45:10 184.0.15.1:500 (Responder) -> 184.0.15.2:500 { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733 [-1] / 0x00000000 } IP; Error = No proposal chosen (14)
Jun 13 07:45:10 ike_alloc_negotiation: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}
Jun 13 07:45:10 ike_encode_packet: Start, SA = { 0x7fd86fbe 8a99c1f6 - b8f95b2e f92ca733 } / b20d590c, nego = 0
Jun 13 07:45:10 ike_send_packet: Start, send SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = 0, dst = 184.0.15.2:500, routing table id = 0
Jun 13 07:45:10 ike_delete_negotiation: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = 0
Jun 13 07:45:10 ike_free_negotiation_info: Start, nego = 0
Jun 13 07:45:10 ike_free_negotiation: Start, nego = 0
Jun 13 07:45:10 IKE negotiation fail for local:184.0.15.1, remote:184.0.15.2 IKEv1 with status: No proposal chosen
Jun 13 07:45:10 IKEv1 Error : No proposal chosen
Jun 13 07:45:40 P1 SA 3770105 timer expiry. ref cnt 1, timer reason Force delete timer expired (1), flags 0x330.
Jun 13 07:45:40 iked_pm_ike_sa_delete_done_cb: For p1 sa index 3770105, ref cnt 1, status: Error ok
Jun 13 07:45:40 ike_remove_callback: Start, delete SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = -1
Jun 13 07:45:40 ike_delete_negotiation: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = -1
Jun 13 07:45:40 ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table
Jun 13 07:45:40 ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table
Jun 13 07:45:40 ike_sa_delete: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733 }
Jun 13 07:45:40 ike_free_negotiation_isakmp: Start, nego = -1
Jun 13 07:45:40 ike_free_negotiation: Start, nego = -1
Jun 13 07:45:40 IKE SA delete called for p1 sa 3770105 (ref cnt 1) local:184.0.15.1, remote:184.0.15.2, IKEv1
Jun 13 07:45:40 iked_pm_p1_sa_destroy: p1 sa 3770105 (ref cnt 0), waiting_for_del 0x0
Jun 13 07:45:40 ike_free_sa: Start

You are asked to troubleshoot a new IPsec VPN between R1 and R2 that is not coming up. You have captured the traceoptions output shown above. What is the reason for the problem?

A.
IKE Phase 2 proposal mismatch

B.
IKE preshared key mismatch

C.
IKE Phase 1 proposal mismatch

D.
IKE Phase 1 mode mismatch


