I configured a VPN and Phase 1 is up and Phase 2 appears to be up.
Its a route based vpn with traffic selectors.
In the tunnel events I get this message
Negotiation failed with INVALID_SYNTAX error(104 times) for each of the traffic selectors The prior messages are:
IPSec SA negotiation successfully completed (1 times)
Tunnel configuration changed. Corresponding IKE/IPSec SAs are deleted (1 times)
IKE SA negotiation successfully completed (4 times)
IPSec SA negotiation successfully completed (1 times)
Tunnel is ready. Waiting for trigger event or peer to trigger negotiation (1 times)
what does the invalid syntax mean? I compared configs and they match the full message with the line bolded red in question below.
Tunnel events:
IPSec SA negotiation successfully completed (1 times)
Tunnel configuration changed. Corresponding IKE/IPSec SAs are deleted (1 times)
IKE SA negotiation successfully completed (4 times)
IPSec SA negotiation successfully completed (1 times)
Tunnel is ready. Waiting for trigger event or peer to trigger negotiation (1 times)
Negotiation failed with INVALID_SYNTAX error(104 times)
Direction: inbound, SPI: efa10870, AUX-SPI: 0
, VPN Monitoring: -
Hard lifetime: Expires in 3394 seconds
Lifesize Remaining: Unlimited
Soft lifetime: Expires in 2796 seconds
Mode: Tunnel(0 0), Type: dynamic, State: installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (256 bits)
Anti-replay service: counter-based enabled, Replay window size: 64
Direction: outbound, SPI: c46c784f, AUX-SPI: 0
, VPN Monitoring: -
Hard lifetime: Expires in 3394 seconds
Lifesize Remaining: Unlimited
Soft lifetime: Expires in 2796 seconds
Mode: Tunnel(0 0), Type: dynamic, State: installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (256 bits)
Anti-replay service: counter-based enabled, Replay window size: 64
Thank you all for sharing to this thread!
------------------------------
Juan
------------------------------