root@SRX220# run show log ike-trace [May 12 10:32:50]ike_st_i_gen_hash: Start, hash[0..20] = 8ea6fd8b cdaacb1e ... [May 12 10:32:50]ike_st_i_n: Start, doi = 1, protocol = 3, code = No proposal chosen (14), spi[0..4] = 01468c26 00000000 ..., data[0..50] = 800c0001 00060022 ... [May 12 10:32:50]:4500 (Responder) <-> 33.12.22.1:4500 { 60efe55e 900f3e18 - ec473306 c662a7e3 [1] / 0xf6972201 } Info; Notification data has attribute list [May 12 10:32:50]:4500 (Responder) <-> 33.12.22.1:4500 { 60efe55e 900f3e18 - ec473306 c662a7e3 [1] / 0xf6972201 } Info; Notify message version = 1 [May 12 10:32:50]:4500 (Responder) <-> 33.12.22.1:4500 { 60efe55e 900f3e18 - ec473306 c662a7e3 [1] / 0xf6972201 } Info; Error text = Could not find acceptable proposal [May 12 10:32:50]:4500 (Responder) <-> 33.12.22.1:4500 { 60efe55e 900f3e18 - ec473306 c662a7e3 [1] / 0xf6972201 } Info; Offending message id = 0x03cbd908 [May 12 10:32:50]ike_remove_callback: Start, delete SA = { 60efe55e 900f3e18 - ec473306 c662a7e3}, nego = 0 [May 12 10:32:50]:500 (Initiator) <-> 33.12.22.1:4500 { 60efe55e 900f3e18 - ec473306 c662a7e3 [0] / 0x03cbd908 } QM; Connection got error = 14, calling callback [May 12 10:32:50]ike_delete_negotiation: Start, SA = { 60efe55e 900f3e18 - ec473306 c662a7e3}, nego = 0 [May 12 10:32:50]ike_free_negotiation_qm: Start, nego = 0 [May 12 10:32:50]ike_free_negotiation: Start, nego = 0 [May 12 10:32:50]ike_free_id_payload: Start, id type = 4 [May 12 10:32:50]ike_free_id_payload: Start, id type = 4 [May 12 10:32:50]ike_st_i_private: Start [May 12 10:32:50]ike_send_notify: Connected, SA = { 60efe55e 900f3e18 - ec473306 c662a7e3}, nego = 1 [May 12 10:32:50]ike_delete_negotiation: Start, SA = { 60efe55e 900f3e18 - ec473306 c662a7e3}, nego = 1 [May 12 10:32:50]ike_free_negotiation_info: Start, nego = 1 [May 12 10:32:50]ike_free_negotiation: Start, nego = 1 [May 12 10:32:50]IPSec negotiation failed for SA-CFG ipsec-vpn-cantho-line1 for local:192.168.1.5, remote:33.12.22.1 IKEv1. status: No proposal chosen [May 12 10:32:50] P2 ed info: flags 0xc2, P2 error: Error ok [May 12 10:32:50] IKEv1 Error : No proposal chosen [May 12 10:32:50]IPSec SA done callback with sa-cfg NULL in p2_ed. status: No proposal chosen [May 12 10:32:50]ikev2_packet_allocate: Allocated packet dac800 from freelist [May 12 10:32:50]ike_sa_find: Found SA = { aff016fa 045f07f1 - 19e84f6d 91ca9091 } [May 12 10:32:50]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 12 10:32:50]ike_get_sa: Start, SA = { aff016fa 045f07f1 - 19e84f6d 91ca9091 } / ae836e35, remote = 33.12.22.1:4500 [May 12 10:32:50]ike_sa_find: Found SA = { aff016fa 045f07f1 - 19e84f6d 91ca9091 } [May 12 10:32:50]ike_alloc_negotiation: Start, SA = { aff016fa 045f07f1 - 19e84f6d 91ca9091} [May 12 10:32:50]ike_decode_packet: Start [May 12 10:32:50]ike_decode_packet: Start, SA = { aff016fa 045f07f1 - 19e84f6d 91ca9091} / ae836e35, nego = 0 [May 12 10:32:50]ike_st_i_encrypt: Check that packet was encrypted succeeded [May 12 10:32:50]ike_st_i_gen_hash: Start, hash[0..20] = f19c6571 e4b36d6b ... [May 12 10:32:50]ike_st_i_d: Start, doi = 1, protocol = 1, spis[0..1][0..16] = [aff016fa 045f07f1 ...] [May 12 10:32:50]ike_sa_find: Found SA = { aff016fa 045f07f1 - 19e84f6d 91ca9091 } [May 12 10:32:50]:4500 (Responder) <-> 33.12.22.1:4500 { aff016fa 045f07f1 - 19e84f6d 91ca9091 [0] / 0xae836e35 } Info; delete spi[16] = 0xaff016fa 045f07f1 19e84f6d 91ca9091 [May 12 10:32:50]ike_st_i_private: Start [May 12 10:32:50]ike_send_notify: Connected, SA = { aff016fa 045f07f1 - 19e84f6d 91ca9091}, nego = 0 [May 12 10:32:50]ike_delete_negotiation: Start, SA = { aff016fa 045f07f1 - 19e84f6d 91ca9091}, nego = 0 [May 12 10:32:50]ike_free_negotiation_info: Start, nego = 0 [May 12 10:32:50]ike_free_negotiation: Start, nego = 0 [May 12 10:32:50]ike_remove_callback: Start, delete SA = { aff016fa 045f07f1 - 19e84f6d 91ca9091}, nego = -1 [May 12 10:32:50]ike_delete_negotiation: Start, SA = { aff016fa 045f07f1 - 19e84f6d 91ca9091}, nego = -1 [May 12 10:32:50]ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 12 10:32:50]ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 12 10:32:50]ike_sa_delete: Start, SA = { aff016fa 045f07f1 - 19e84f6d 91ca9091 } [May 12 10:32:50]ike_free_negotiation_isakmp: Start, nego = -1 [May 12 10:32:50]ike_free_negotiation: Start, nego = -1 [May 12 10:32:50]IKE SA delete called for p1 sa 1203481 (ref cnt 1) local:192.168.1.5, remote:33.12.22.1, IKEv1 [May 12 10:32:50]iked_pm_p1_sa_destroy: p1 sa 1203481 (ref cnt 0), waiting_for_del 0x0 [May 12 10:32:50]ike_free_id_payload: Start, id type = 2 [May 12 10:32:50]ike_free_id_payload: Start, id type = 1 [May 12 10:32:50]ike_free_sa: Start [May 12 10:33:00]iked_pm_ike_spd_notify_request: Sending Initial contact [May 12 10:33:00]ssh_ike_connect: Start, remote_name = 33.12.22.1:500, xchg = 4, flags = 00040000 [May 12 10:33:00]ike_sa_allocate: Start, SA = { 2effa8c3 efa6fe2a - 00000000 00000000 } [May 12 10:33:00]ike_init_isakmp_sa: Start, remote = 33.12.22.1:500, initiator = 1 [May 12 10:33:00]ssh_ike_connect: SA = { 2effa8c3 efa6fe2a - 00000000 00000000}, nego = -1 [May 12 10:33:00]ike_st_o_sa_proposal: Start [May 12 10:33:00]ike_st_o_ke: Start [May 12 10:33:00]ike_st_o_nonce: Start [May 12 10:33:00]ike_policy_reply_isakmp_nonce_data_len: Start [May 12 10:33:00]ike_st_o_id: Start [May 12 10:33:00]ike_policy_reply_isakmp_vendor_ids: Start [May 12 10:33:00]ike_st_o_private: Start [May 12 10:33:00]ike_policy_reply_private_payload_out: Start [May 12 10:33:00]ike_encode_packet: Start, SA = { 0x2effa8c3 efa6fe2a - 00000000 00000000 } / 00000000, nego = -1 [May 12 10:33:00]ike_send_packet: Start, send SA = { 2effa8c3 efa6fe2a - 00000000 00000000}, nego = -1, dst = 33.12.22.1:500, routing table id = 0 [May 12 10:33:00]ikev2_packet_allocate: Allocated packet dabc00 from freelist [May 12 10:33:00]ike_sa_find: Not found SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8 } [May 12 10:33:00]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 12 10:33:00]ike_get_sa: Start, SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8 } / 00000000, remote = 33.12.22.1:500 [May 12 10:33:00]ike_sa_find: Not found SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8 } [May 12 10:33:00]ike_sa_find_half: Found half SA = { 2effa8c3 efa6fe2a - 00000000 00000000 } [May 12 10:33:00]ike_sa_upgrade: Start, SA = { 2effa8c3 efa6fe2a - 00000000 00000000 } -> { ... - 0f001596 08444df8 } [May 12 10:33:00]ike_decode_packet: Start [May 12 10:33:00]ike_decode_packet: Start, SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8} / 00000000, nego = -1 [May 12 10:33:00]ike_decode_payload_sa: Start [May 12 10:33:00]ike_decode_payload_t: Start, # trans = 1 [May 12 10:33:00]ike_st_i_sa_value: Start [May 12 10:33:00]ike_st_i_nonce: Start, nonce[0..16] = 6b86df7e 91b1bf5f ... [May 12 10:33:00]ike_st_i_id: Start [May 12 10:33:00]ike_st_i_ke: Ke[0..128] = e3e89461 5d1a8b50 ... [May 12 10:33:00]ike_st_i_hash: Start, hash[0..20] = d9dd385e a5326ca4 ... [May 12 10:33:00]ike_calc_mac: Start, initiator = true, local = false [May 12 10:33:00]ike_find_pre_shared_key: Find pre shared key key for 192.168.1.5:500, id = fqdn(any:0,[0..10]=test-bk0 ) -> 33.12.22.1:500, id = ipv4(any:0,[0..3]=33.12.22.1) [May 12 10:33:00]ike_policy_reply_find_pre_shared_key: Start [May 12 10:33:00]ike_st_i_cert: Start [May 12 10:33:00]ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 12 10:33:00]ike_st_i_vid: VID[0..16] = 4a131c81 07035845 ... [May 12 10:33:00]ike_st_i_vid: VID[0..28] = 69936922 8741c6d4 ... [May 12 10:33:00]ike_st_i_private: Start [May 12 10:33:00]ike_st_o_hash: Start [May 12 10:33:00]ike_calc_mac: Start, initiator = true, local = true [May 12 10:33:00]ike_st_o_status_n: Start [May 12 10:33:00]ike_st_o_private: Start [May 12 10:33:00]ike_policy_reply_private_payload_out: Start [May 12 10:33:00]ike_policy_reply_private_payload_out: Start [May 12 10:33:00]ike_policy_reply_private_payload_out: Start [May 12 10:33:00]ike_st_o_optional_encrypt: Marking encryption for packet [May 12 10:33:00]ike_st_o_wait_done: Marking for waiting for done [May 12 10:33:00]ike_st_o_all_done: MESSAGE: Phase 1 { 0x2effa8c3 efa6fe2a - 0x0f001596 08444df8 } / 00000000, version = 1.0, xchg = Aggressive, auth_method = Pre shared keys, Initiator, cipher = 3des-cbc, hash = sha1, prf = hmac-sha1, life [May 12 10:33:00]192.168.1.5:4500 (Initiator) <-> 33.12.22.1:4500 { 2effa8c3 efa6fe2a - 0f001596 08444df8 [-1] / 0x00000000 } Aggr; MESSAGE: Phase 1 version = 1.0, auth_method = Pre shared keys, cipher = 3des-cbc, hash = sha1, prf = hmac- [May 12 10:33:00]ike_encode_packet: Start, SA = { 0x2effa8c3 efa6fe2a - 0f001596 08444df8 } / 00000000, nego = -1 [May 12 10:33:00]ike_send_packet: Start, send SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8}, nego = -1, dst = 33.12.22.1:4500, routing table id = 0 [May 12 10:33:00]ike_send_notify: Connected, SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8}, nego = -1 [May 12 10:33:00]iked_pm_ike_sa_done: local:192.168.1.5, remote:33.12.22.1 IKEv1 [May 12 10:33:00]IKE negotiation done for local:192.168.1.5, remote:33.12.22.1 IKEv1 with status: Error ok [May 12 10:33:00]Added (spi=0xa3456fc5, protocol=0) entry to the spi table [May 12 10:33:00]Added (spi=0x9963b453, protocol=0) entry to the spi table [May 12 10:33:00]ssh_ike_connect_ipsec: Start, remote_name = :500, flags = 00010000 [May 12 10:33:00]ike_sa_find_ip_port: Remote = all:500, Found SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8} [May 12 10:33:00]ike_alloc_negotiation: Start, SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8} [May 12 10:33:00]ssh_ike_connect_ipsec: SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8}, nego = 0 [May 12 10:33:00]ike_init_qm_negotiation: Start, initiator = 1, message_id = d066b4fe [May 12 10:33:00]ike_st_o_qm_hash_1: Start [May 12 10:33:00]ike_st_o_qm_sa_proposals: Start [May 12 10:33:00]ike_st_o_qm_nonce: Start [May 12 10:33:00]ike_policy_reply_qm_nonce_data_len: Start [May 12 10:33:00]ike_st_o_qm_optional_ke: Start [May 12 10:33:00]ike_st_o_qm_optional_ids: Start [May 12 10:33:00]ike_st_qm_optional_id: Start [May 12 10:33:00]ike_st_qm_optional_id: Start [May 12 10:33:00]ike_st_o_private: Start [May 12 10:33:00]Construction NHTB payload for local:192.168.1.5, remote:33.12.22.1 IKEv1 P1 SA index 1206570 sa-cfg ipsec-vpn-cantho-line1 [May 12 10:33:00]Could not get local tunnel ip address. Not sending NHTB notify payload for sa-cfg ipsec-vpn-cantho-line1 [May 12 10:33:00]ike_policy_reply_private_payload_out: Start [May 12 10:33:00]ike_st_o_encrypt: Marking encryption for packet [May 12 10:33:00]ike_encode_packet: Start, SA = { 0x2effa8c3 efa6fe2a - 0f001596 08444df8 } / d066b4fe, nego = 0 [May 12 10:33:00]ike_finalize_qm_hash_1: Hash[0..20] = 3950d286 7a5e4f63 ... [May 12 10:33:00]ike_send_packet: Start, send SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8}, nego = 0, dst = 33.12.22.1:4500, routing table id = 0 [May 12 10:33:00]iked_deferred_free_inactive_peer_entry: Free 1 peer_entry(s) [May 12 10:33:00]ikev2_packet_allocate: Allocated packet dad000 from freelist [May 12 10:33:00]ike_sa_find: Found SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8 } [May 12 10:33:00]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 12 10:33:00]ike_get_sa: Start, SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8 } / 66800ce9, remote = 33.12.22.1:4500 [May 12 10:33:00]ike_sa_find: Found SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8 } [May 12 10:33:00]ike_st_o_done: ISAKMP SA negotiation done [May 12 10:33:00]ike_send_notify: Connected, SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8}, nego = -1 [May 12 10:33:00]ike_free_negotiation_isakmp: Start, nego = -1 [May 12 10:33:00]ike_free_negotiation: Start, nego = -1 [May 12 10:33:00]ike_alloc_negotiation: Start, SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8} [May 12 10:33:00]ike_decode_packet: Start [May 12 10:33:00]ike_decode_packet: Start, SA = { 2effa8c3 efa6fe2a - 0f001596 08444df8} / 66800ce9, nego = 1 [May 12 10:33:00]ike_st_i_encrypt: Check that packet was encrypted succeeded [May 12 10:33:00]ike_st_i_gen_hash: Start, hash[0..20] = 0f3ae0b2 395b4327 ... [May 12 10:33:00]ike_st_i_n: Start, doi = 1, protocol = 3, code = No proposal chosen (14), spi[0..4] = a3456fc5 00000000 ..., data[0..50] = 800c0001 00060022 ... [May 12 10:33:00]:4500 (Responder) <-> 33.12.22.1:4500 { 2effa8c3 efa6fe2a - 0f001596 08444df8 [1] / 0x66800ce9 } Info; Notification data has attribute list [May 12 10:33:00]:4500 (Responder) <-> 33.12.22.1:4500 { 2effa8c3 efa6fe2a - 0f001596 08444df8 [1] / 0x66800ce9 } Info; Notify message version = 1 [May 12 10:33:00]:4500 (Responder) <-> 33.12.22.1:4500 { 2effa8c3 efa6fe2a - 0f001596 08444df8 [1] / 0x66800ce9 } Info; Error text = Could not find acceptable proposal [May 12 10:33:00]:4500 (Responder) <-> 33.12.22.1:4500 { 2effa8c3 efa6fe2a - 0f001596 08444df8 [1] / 0x66800ce9 } Info; Offending message id = 0xd066b4fe