03-05-2024 04:11 PM
using Ikev2, phase 1 comes up with no issues.
PA side is getting "NO_PROPOSAL_CHOSEN".
ASA side is getting "IKEv2 Negotiation aborted due to ERROR: Failed to find a matching policy".
All our phase1 and phase2 match.
yes, PRF is set, I have PRF set for Sha256.
Does the PA need to set a value for their PRF? I don't recall it does
Suggestions?
03-05-2024 10:38 PM - edited 03-06-2024 08:30 AM
debug crypto ikev2 platform 127
share this if you sure that phaseI is ok if not share alos below
debug crypto ikev2 protocol 127
please do debug one by one not both in same time, to make us know this packet for which phase
MHM
03-06-2024 08:28 AM
will do when I get some traffic initiated from the other side. This is a pull from other side.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide