SRX

hi guys,

i've created a site2site vpn between our srx340 running junos 17.3R1.10 and an SOPHOS ASG.

3 subnets on my side and on on the other side all defined with Traffic Selectors.

Tunnel comes up fine  and traffic is flowing in both directions  , unfortunatly  is still get this error:

Peer proposed phase2 proposal conflicts with local configuration. Negotiation failed 

Config is like this:

ike-policy-1

mode main;
proposals ike-proposal-1;
pre-shared-key ascii-text 

ike-proposal-1

authentication-method pre-shared-keys;
dh-group group2;
authentication-algorithm sha1;
encryption-algorithm aes-128-cbc;
lifetime-seconds 3600;

ike-gateway

ike-policy ike-policy-1

address **.***.***.***
external-interface reth1.1;
version v1-only;

ipsec proposal ipsec-proposal-1

protocol esp;
authentication-algorithm hmac-sha1-96;
encryption-algorithm aes-256-cbc;
lifetime-seconds 3600;

vpn vpn-1

bind-interface st0.2;
ike {
gateway ike-gateway-1;
ipsec-policy ipsec-policy-1;
}
traffic-selector TS1 {
local-ip 100.100.0.0/16;
remote-ip 192.168.50.0/24;
}
traffic-selector TS2 {
local-ip 110.100.0.0/16;
remote-ip 192.168.50.0/24;
}
traffic-selector TS3 {
local-ip 172.21.49.0/24;
remote-ip 192.168.50.0/24;
}
establish-tunnels immediately;
}

how to fix this or is this a bug?

You have posted the phase 1 configurations.  The phase 2 configurations are under:

security ipsec 

And to check we would need to see what the other side is expecting as the proposals.

Are there other tunnels on this SRX?  

Since this one is passing traffic maybe the event is from another connection.

What is the output from:

show security ipsec security-associations