Verifying The Configuration; Troubleshooting Ike; Ike Negotiation Failed Because No Matching Ike Proposals Were Found; Ike Negotiation Failed Because No Ike Proposals Or Ike Keychains Are Referenced Correctly - HPE FlexFabric 7900 Series Security Configuration Manual
Hide thumbs
Also See for FlexFabric 7900 Series:
- Layer 3 ip routing command reference (414 pages) ,
- Security configuration manual (323 pages) ,
- Security command reference (320 pages)
Table of Contents
Advertisement
[SwitchB-ipsec-policy-isakmp-use1-10] ike-profile profile1
[SwitchB-ipsec-policy-isakmp-use1-10] quit
# Specify the card in slot 1 to forward the traffic for VLAN-interface 1.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] service slot 1
# Apply IPsec policy use1 to VLAN-interface 1.
[SwitchB-Vlan-interface1] ipsec apply policy use1
Verifying the configuration
When there is traffic between Switch A and Switch B, IKE negotiation is triggered.
Troubleshooting IKE
IKE negotiation failed because no matching IKE proposals
were found
Symptom
1.
The IKE SA is in Unknown state.
<Sysname> display ike sa
Connection-ID
------------------------------------------------------------------
1
Flags:
RD--READY RL--REPLACED FD-FADING
2.
When IKE event debugging and packet debugging are enabled, the following messages
appear:
IKE event debugging message:
The attributes are unacceptable.
IKE packet debugging message:
Construct notification packet: NO_PROPOSAL_CHOSEN.
Analysis
Certain IKE proposal settings are incorrect.
Solution
1.
Examine the IKE proposal configuration to see whether the two ends have matching IKE
proposals.
2.
Modify the IKE proposal configuration to make sure the two ends have matching IKE proposals.
IKE negotiation failed because no IKE proposals or IKE
keychains are referenced correctly
Symptom
1.
The IKE SA is in Unknown state.
<Sysname> display ike sa
Connection-ID
Remote
192.168.222.5
Remote
138
Flag
DOI
Unknown
IPSEC
Flag
DOI
Advertisement
Table of Contents
Troubleshooting
