cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
213
Views
0
Helpful
0
Replies
bluesea2010
Enthusiast

Failed to find a matching policy-vpn

Hi,

debug output of ikev2 protocol  a site to stie vpn  

 

(9666): Decrypted packet:(9666): Data: 416 bytes
IKEv2-PROTO-5: (9666): SM Trace-> SA: I_SPI=806D92D10C38B4AC R_SPI=E1C56F198E51D73E (R) MsgID = 00000355 CurState: READY Event: EV_RECV_CREATE_CHILD
IKEv2-PROTO-5: (9666): Action: Action_Null
IKEv2-PROTO-5: (9666): SM Trace-> SA: I_SPI=806D92D10C38B4AC R_SPI=E1C56F198E51D73E (R) MsgID = 00000355 CurState: CHILD_R_INIT Event: EV_RECV_CREATE_CHILD
IKEv2-PROTO-5: (9666): Action: Action_Null
IKEv2-PROTO-5: (9666): SM Trace-> SA: I_SPI=806D92D10C38B4AC R_SPI=E1C56F198E51D73E (R) MsgID = 00000355 CurState: CHILD_R_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-2: (9666): Validating create child message
IKEv2-PROTO-5: (9666): SM Trace-> SA: I_SPI=806D92D10C38B4AC R_SPI=E1C56F198E51D73E (R) MsgID = 00000355 CurState: CHILD_R_INIT Event: EV_CHK_CC_TYPE
IKEv2-PROTO-2: (9666): Check for create child response message type
IKEv2-PROTO-5: (9666): SM Trace-> SA: I_SPI=806D92D10C38B4AC R_SPI=E1C56F198E51D73E (R) MsgID = 00000355 CurState: CHILD_R_IPSEC Event: EV_REKEY_IPSECSA
IKEv2-PROTO-2: (9666): Beginning IPSec Rekey as Responder
IKEv2-PROTO-5: (9666): SM Trace-> SA: I_SPI=806D92D10C38B4AC R_SPI=E1C56F198E51D73E (R) MsgID = 00000355 CurState: CHILD_R_IPSEC Event: EV_PROC_MSG
IKEv2-PROTO-2: (9666): Processing CREATE_CHILD_SA exchange
IKEv2-PROTO-1: (9666): Failed to find a matching policy
IKEv2-PROTO-1: (9666): Received Policies:
IKEv2-PROTO-1: (9666): Failed to find a matching policy
IKEv2-PROTO-1: (9666): Expected Policies:
IKEv2-PROTO-5: (9666): Failed to verify the proposed policies
IKEv2-PROTO-1: (9666): Failed to find a matching policy
IKEv2-PROTO-1: (9666):
IKEv2-PROTO-5: (9666): SM Trace-> SA: I_SPI=806D92D10C38B4AC R_SPI=E1C56F198E51D73E (R) MsgID = 00000355 CurState: CHILD_R_IPSEC Event: EV_NO_PROP_CHOSEN
IKEv2-PROTO-2: (9666): Sending no proposal chosen notify
IKEv2-PROTO-2: (9666): Building packet for encryption.
(9666):
Payload contents:
(9666): NOTIFY(NO_PROPOSAL_CHOSEN)(9666): Next payload: NONE, reserved: 0x0, length: 8
(9666): Security protocol id: ESP, spi size: 0, type: NO_PROPOSAL_CHOSEN
IKEv2-PROTO-5: (9666): SM Trace-> SA: I_SPI=806D92D10C38B4AC R_SPI=E1C56F198E51D73E (R) MsgID = 00000355 CurState: CHILD_R_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-2: (9666): Validating create child message
IKEv2-PROTO-5: (9666): SM Trace-> SA: I_SPI=806D92D10C38B4AC R_SPI=E1C56F198E51D73E (R) MsgID = 00000355 CurState: CHILD_R_INIT Event: EV_CHK_CC_TYPE
IKEv2-PROTO-2: (9666): Check for create child response message type
IKEv2-PROTO-5: (9666): SM Trace-> SA: I_SPI=806D92D10C38B4AC R_SPI=E1C56F198E51D73E (R) MsgID = 00000355 CurState: CHILD_R_IPSEC Event: EV_REKEY_IPSECSA
IKEv2-PROTO-2: (9666): Beginning IPSec Rekey as Responder
IKEv2-PROTO-5: (9666): SM Trace-> SA: I_SPI=806D92D10C38B4AC R_SPI=E1C56F198E51D73E (R) MsgID = 00000355 CurState: CHILD_R_IPSEC Event: EV_PROC_MSG
IKEv2-PROTO-2: (9666): Processing CREATE_CHILD_SA exchange
IKEv2-PROTO-1: (9666): Failed to find a matching policy
IKEv2-PROTO-1: (9666): Received Policies:
IKEv2-PROTO-1: (9666): Failed to find a matching policy
IKEv2-PROTO-1: (9666): Expected Policies:
IKEv2-PROTO-5: (9666): Failed to verify the proposed policies
IKEv2-PROTO-1: (9666): Failed to find a matching policy
IKEv2-PROTO-1: (9666):
IKEv2-PROTO-5: (9666): SM Trace-> SA: I_SPI=806D92D10C38B4AC R_SPI=E1C56F198E51D73E (R) MsgID = 00000355 CurState: CHILD_R_IPSEC Event: EV_NO_PROP_CHOSEN
IKEv2-PROTO-2: (9666): Sending no proposal chosen notify
IKEv2-PROTO-2: (9666): Building packet for encryption.

 

How to find the policy which is not matching 

 

Thanks 

0 REPLIES 0
Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: pxGrid (39%)

Content for Community-Ad