06-22-2019 08:52 PM - edited 02-21-2020 09:41 PM
Hi all,
I would like to ask about Gre over IPsec Tunnel.I got the IPsec is working in one day issue.it is so strange for me.
If i create new tunnel and initiate each other and work properly.But next day ( arroung 15 hours) tunnel is down and never come up.it is always show Phase one problem.it is always show phase 1 problem.But i confuse why this error didn't show when i deployed.This error show in next day and tunnel is never come up later.
i always see as below error this error mean phaes 1 error ,correct ?
I am using standalone CA.
The policy's acl or ike profile does not match the flow
Solved! Go to Solution.
06-24-2019 12:34 AM
Hi,
As it is using RSA KEY and I found below error messages:
Failed to construct certificate request payload.
*Jun 20 14:57:05:289 2019 Branch_R1 IKE/7/ERROR: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Failed to negotiate IKE SA.
!
*Jun 20 14:57:05:265 2019 Branch_R1 IKE/7/EVENT: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Pre-shared key matching address 192.168.1.2 not found
Please share your configuration and check the RSA keys as certificate and ROOT.
Regards,
Deepak Kumar
06-22-2019 09:35 PM
06-23-2019 12:39 AM
Hi,
We need complete debug output and configuration to understand the better.
There are some misleading details in the questions as Is it IPSec connection or SSL?
06-23-2019 11:43 PM
Hi,
Please see below attachment of debugging log.
I saw "Failed to construct certificate request payload " .Let me know it is this issue ?
06-23-2019 11:43 PM
Hi,
Please see below attachment of debugging log.
I saw "Failed to construct certificate request payload " .Let me know it is this issue ?
06-24-2019 12:34 AM
Hi,
As it is using RSA KEY and I found below error messages:
Failed to construct certificate request payload.
*Jun 20 14:57:05:289 2019 Branch_R1 IKE/7/ERROR: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Failed to negotiate IKE SA.
!
*Jun 20 14:57:05:265 2019 Branch_R1 IKE/7/EVENT: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Pre-shared key matching address 192.168.1.2 not found
Please share your configuration and check the RSA keys as certificate and ROOT.
Regards,
Deepak Kumar
06-24-2019 02:05 AM
06-24-2019 11:36 PM
07-07-2019 07:39 PM
Hi,
I solved now. I upgrade the firmware . it is ok .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide