<< Prev Question Next Question >>
Question 18/36
-- Exhibit --
user@R1> show log ike-trace
Jun 13 07:45:10 ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library Jun 13 07:45:10 ike_get_sA. Start, SA = { 7fd86fbe 8a99c1f6 - 00000000 00000000 } / 00000000, remote
= 184.0.15.2:500
Jun 13 07:45:10 ike_sa_allocate: Start, SA = { 7fd86fbe 8a99c1f6 - a1bc3f1d e2a45308 } Jun 13 07:45:10 ike_init_isakmp_sA. Start, remote = 184.0.15.2:500, initiator = 0 Jun 13 07:45:10 ike_decode_packet: Start Jun 13 07:45:10 ike_decode_packet: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733} / 00000000, nego = -1 Jun 13 07:45:10 ike_decode_payload_sA. Start Jun 13 07:45:10 ike_decode_payload_t: Start, # trans = 1
Jun 13 07:45:10 ike_decode_payload_t: Start, # trans = 1
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = afcad713 68a1f1c9 ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = 27bab5dc 01ea0760 ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = 6105c422 e76847e4 ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = 4485152d 18b6bbcd ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = cd604643 35df21f8 ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = 90cb8091 3ebb696e ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = 7d9419a6 5310ca6f ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = 4a131c81 07035845 ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..28] = 69936922 8741c6d4 ...
Jun 13 07:45:10 ike_st_i_sa_proposal: Start
Jun 13 07:45:10 P1 SA payload match failed for sa-cfg to-R2. Abortingnegotiation for tunnel type 2 local:184.0.15.1 remote:184.0.15.2 IKEv1.
Jun 13 07:45:10 iked_pm_ike_spd_select_ike_sa failed. rc 1, error_code: No proposal chosen Jun 13 07:45:10 ikev2_fb_spd_select_sa_cB. IKEv2 SA select failed with error No proposal chosen (neg a7e800) Jun 13 07:45:10 ike_isakmp_sa_reply: Start Jun 13 07:45:10 ike_state_restart_packet: Start, restart packet SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = -1 Jun 13 07:45:10 ike_st_i_sa_proposal: Start Jun 13 07:45:10 ike_st_i_cr: Start
Jun 13 07:45:10 ike_st_i_cert: Start
Jun 13 07:45:10 ike_st_i_private: Start
Jun 13 07:45:10 ike_st_o_sa_values: Start
Jun 13 07:45:10 184.0.15.1:500 (Responder) -> 184.0.15.2:500 { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733
[-1] / 0x00000000 } IP; Error = No proposal chosen (14)
Jun 13 07:45:10 ike_alloc_negotiation: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733} Jun 13 07:45:10 ike_encode_packet: Start, SA = { 0x7fd86fbe 8a99c1f6 - b8f95b2e f92ca733 } / b20d590c, nego = 0 Jun 13 07:45:10 ike_send_packet: Start, send SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = 0, dst = 184.0.15.2:500, routing table id = 0 Jun 13 07:45:10 ike_delete_negotiation: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = 0 Jun 13 07:45:10 ike_free_negotiation_info: Start, nego = 0 Jun 13 07:45:10 ike_free_negotiation: Start, nego = 0 Jun 13 07:45:10 IKE negotiation fail for local:184.0.15.1, remote:184.0.15.2 IKEv1 with status: No proposal chosen Jun 13 07:45:10 IKEv1 Error : No proposal chosen Jun 13 07:45:40 P1 SA 3770105 timer expiry. ref cnt 1, timer reason Force delete timer expired (1), flags
0x330.
Jun 13 07:45:40 iked_pm_ike_sa_delete_done_cB. For p1 sa index 3770105, ref cnt 1, status: Error ok Jun 13 07:45:40 ike_remove_callback: Start, delete SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego
= -1
Jun 13 07:45:40 ike_delete_negotiation: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = -1 Jun 13 07:45:40 ssh_ike_tunnel_table_entry_delete: Deleting tunnel_iD. 0 from IKE tunnel table Jun 13 07:45:40 ssh_ike_tunnel_table_entry_delete: The tunnel iD. 0 doesn't exist in IKE tunnel table Jun 13 07:45:40 ike_sa_delete: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733 } Jun 13 07:45:40 ike_free_negotiation_isakmp: Start, nego = -1 Jun 13 07:45:40 ike_free_negotiation: Start, nego = -1 Jun 13 07:45:40 IKE SA delete called for p1 sa 3770105 (ref cnt 1) local:184.0.15.1, remote:184.0.15.2, IKEv1 Jun 13 07:45:40 iked_pm_p1_sa_destroy: p1 sa 3770105 (ref cnt 0), waiting_for_del 0x0 Jun 13 07:45:40 ike_free_sA. Start
-- Exhibit --
Click the Exhibit button.
You are asked to troubleshoot a new IPsec VPN between R1 and R2 that is not coming up. You have captured the traceoptions output shown in the exhibit.
What is the reason for the problem?
user@R1> show log ike-trace
Jun 13 07:45:10 ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library Jun 13 07:45:10 ike_get_sA. Start, SA = { 7fd86fbe 8a99c1f6 - 00000000 00000000 } / 00000000, remote
= 184.0.15.2:500
Jun 13 07:45:10 ike_sa_allocate: Start, SA = { 7fd86fbe 8a99c1f6 - a1bc3f1d e2a45308 } Jun 13 07:45:10 ike_init_isakmp_sA. Start, remote = 184.0.15.2:500, initiator = 0 Jun 13 07:45:10 ike_decode_packet: Start Jun 13 07:45:10 ike_decode_packet: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733} / 00000000, nego = -1 Jun 13 07:45:10 ike_decode_payload_sA. Start Jun 13 07:45:10 ike_decode_payload_t: Start, # trans = 1
Jun 13 07:45:10 ike_decode_payload_t: Start, # trans = 1
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = afcad713 68a1f1c9 ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = 27bab5dc 01ea0760 ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = 6105c422 e76847e4 ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = 4485152d 18b6bbcd ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = cd604643 35df21f8 ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = 90cb8091 3ebb696e ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = 7d9419a6 5310ca6f ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..16] = 4a131c81 07035845 ...
Jun 13 07:45:10 ike_st_i_viD. VID[0..28] = 69936922 8741c6d4 ...
Jun 13 07:45:10 ike_st_i_sa_proposal: Start
Jun 13 07:45:10 P1 SA payload match failed for sa-cfg to-R2. Abortingnegotiation for tunnel type 2 local:184.0.15.1 remote:184.0.15.2 IKEv1.
Jun 13 07:45:10 iked_pm_ike_spd_select_ike_sa failed. rc 1, error_code: No proposal chosen Jun 13 07:45:10 ikev2_fb_spd_select_sa_cB. IKEv2 SA select failed with error No proposal chosen (neg a7e800) Jun 13 07:45:10 ike_isakmp_sa_reply: Start Jun 13 07:45:10 ike_state_restart_packet: Start, restart packet SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = -1 Jun 13 07:45:10 ike_st_i_sa_proposal: Start Jun 13 07:45:10 ike_st_i_cr: Start
Jun 13 07:45:10 ike_st_i_cert: Start
Jun 13 07:45:10 ike_st_i_private: Start
Jun 13 07:45:10 ike_st_o_sa_values: Start
Jun 13 07:45:10 184.0.15.1:500 (Responder) -> 184.0.15.2:500 { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733
[-1] / 0x00000000 } IP; Error = No proposal chosen (14)
Jun 13 07:45:10 ike_alloc_negotiation: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733} Jun 13 07:45:10 ike_encode_packet: Start, SA = { 0x7fd86fbe 8a99c1f6 - b8f95b2e f92ca733 } / b20d590c, nego = 0 Jun 13 07:45:10 ike_send_packet: Start, send SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = 0, dst = 184.0.15.2:500, routing table id = 0 Jun 13 07:45:10 ike_delete_negotiation: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = 0 Jun 13 07:45:10 ike_free_negotiation_info: Start, nego = 0 Jun 13 07:45:10 ike_free_negotiation: Start, nego = 0 Jun 13 07:45:10 IKE negotiation fail for local:184.0.15.1, remote:184.0.15.2 IKEv1 with status: No proposal chosen Jun 13 07:45:10 IKEv1 Error : No proposal chosen Jun 13 07:45:40 P1 SA 3770105 timer expiry. ref cnt 1, timer reason Force delete timer expired (1), flags
0x330.
Jun 13 07:45:40 iked_pm_ike_sa_delete_done_cB. For p1 sa index 3770105, ref cnt 1, status: Error ok Jun 13 07:45:40 ike_remove_callback: Start, delete SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego
= -1
Jun 13 07:45:40 ike_delete_negotiation: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = -1 Jun 13 07:45:40 ssh_ike_tunnel_table_entry_delete: Deleting tunnel_iD. 0 from IKE tunnel table Jun 13 07:45:40 ssh_ike_tunnel_table_entry_delete: The tunnel iD. 0 doesn't exist in IKE tunnel table Jun 13 07:45:40 ike_sa_delete: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733 } Jun 13 07:45:40 ike_free_negotiation_isakmp: Start, nego = -1 Jun 13 07:45:40 ike_free_negotiation: Start, nego = -1 Jun 13 07:45:40 IKE SA delete called for p1 sa 3770105 (ref cnt 1) local:184.0.15.1, remote:184.0.15.2, IKEv1 Jun 13 07:45:40 iked_pm_p1_sa_destroy: p1 sa 3770105 (ref cnt 0), waiting_for_del 0x0 Jun 13 07:45:40 ike_free_sA. Start
-- Exhibit --
Click the Exhibit button.
You are asked to troubleshoot a new IPsec VPN between R1 and R2 that is not coming up. You have captured the traceoptions output shown in the exhibit.
What is the reason for the problem?
