This Proxy ID issue won't be visible in a packet capture (unless pcap is manually decrypted), so it is best to just use CLI commands / checking both sides' configurations manually to identify and resolve any incorrect Proxy ID entries.>less mp-log ikemgr.log showing "TS 0: match fail:".
>less mp-log ikemgr.log showing "TS matching result: TS_l mismatch(!=), TS_r mismatch(!=)".>less mp-log ikemgr.log showing "ts unacceptable".CLI show command outputs on the two peer firewalls show that the Proxy ID entries are not an exact mirror of each other.cannot find matching IPSec tunnel for received traffic selector." System Logs showing "IKEv2 child SA negotiation failed when processing traffic selector.System Logs showing "IKE protocol notification message received: received notify type TS_UNACCEPTABLE".
0 kommentar(er)
