326
Troubleshooting IKEv2
IKEv2 negotiation failed because no matching IKEv2
proposals were found
Symptom
The IKEv2 SA is in IN-NEGO status.
<Sysname> display ikev2 sa
Tunnel ID Local Remote Status
---------------------------------------------------------------------------
5 123.234.234.124/500 123.234.234.123/500 IN-NEGO
Status:
IN-NEGO: Negotiating, EST: Establish, DEL:Deleting
Analysis
Certain IKEv2 proposal settings are incorrect.
Solution
1. Examine the IKEv2 proposal configuration to see whether the two ends have matching IKEv2
proposals.
2. Modify the IKEv2 proposal configuration to make sure the two ends have matching IKEv2
proposals.
IPsec SA negotiation failed because no matching IPsec
transform sets were found
Symptom
The display ikev2 sa command shows that the IKEv2 SA negotiation succeeded and the IKEv2 SA
is in EST status. The display ipsec sa command shows that the expected IPsec SAs have not been
negotiated yet.
Analysis
Certain IPsec policy settings are incorrect.
Solution
1. Examine the IPsec configuration to see whether the two ends have matching IPsec transform
sets.
2. Modify the IPsec configuration to make sure the two ends have matching IPsec transform sets.
IPsec tunnel establishment failed
Symptom
The ACLs and IKEv2 proposals are correctly configured on both ends. The two ends cannot
establish an IPsec tunnel or cannot communicate through the established IPsec tunnel.
Analysis
The IKEv2 SA or IPsec SAs on either end are lost. The reason might be that the network is unstable
and the device reboots.
To Next Page
Loading...
Need help?
General