305
IKE packet debugging message:
Construct notification packet: PAYLOAD_MALFORMED.
Analysis
• If the following debugging information appeared, the matched IKE profile is not using the
matched IKE proposal:
Failed to find proposal 1 in profile profile1.
• If the following debugging information appeared, the matched IKE profile is not using the
matched IKE keychain:
Failed to find keychain keychain1 in profile profile1.
Solution
• Verify that the matched IKE proposal (IKE proposal 1 in this debugging message example) is
specified for the IKE profile (IKE profile 1 in the example).
• Verify that the matched IKE keychain (IKE keychain 1 in this debugging message example) is
specified for the IKE profile (IKE profile 1 in the example).
IPsec SA negotiation failed because no matching IPsec
transform sets were found
Symptom
1. The display ike sa command shows that the IKE SA negotiation succeeded and the IKE SA is
in RD state, but the display ipsec sa command shows that the expected IPsec SA has not
been negotiated yet.
2. The following IKE debugging message appeared:
The attributes are unacceptable.
Or:
Construct notification packet: NO_PROPOSAL_CHOSEN.
Analysis
Certain IPsec policy settings are incorrect.
Solution
1. Examine the IPsec configuration to see whether the two ends have matching IPsec transform
sets.
2. Modify the IPsec configuration to make sure the two ends have matching IPsec transform sets.
IPsec SA negotiation failed due to invalid identity information
Symptom
1. The display ike sa command shows that the IKE SA negotiation succeeded and the IKE SA is
in RD state, but the display ipsec sa command shows that the expected IPsec SA has not
been negotiated yet.
2. The following IKE debugging message appeared:
Notification INVALID_ID_INFORMATION is received.
Or:
Failed to get IPsec policy when renegotiating IPsec SA. Delete IPsec SA.
Construct notification packet: INVALID_ID_INFORMATION.
To Next Page
Loading...
Need help?
General