Remote Networking

Reply
Occasional Contributor II

RAP ike_phase_1.c:attribute_unacceptable

Hi,

I have this error message with a remote AP.
I don't understand why ...

Have you any idees ?

Thanks !

show log security all | include ike
....
Dec 11 09:59:20 :103060: |ike| ike_phase_1.c:ike_phase_1_responder_recv_SA:873 Found our AP vendor ID from external IP 78.230.80.108
Dec 11 09:59:20 :103060: |ike| ike_phase_1.c:attribute_unacceptable:2689 Proposal match failed in auth algo, configured=RSA_SIG, peer using=unknown
Dec 11 09:59:20 :103060: |ike| ike_phase_1.c:attribute_unacceptable:2711 Proposal match failed in key length, configured=32, peer using=16
Dec 11 09:59:20 :103060: |ike| ike_phase_1.c:attribute_unacceptable:2689 Proposal match failed in auth algo, configured=RSA_SIG, peer using=unknown
Dec 11 09:59:20 :103060: |ike| ike_phase_1.c:attribute_unacceptable:2704 Proposal match failed in group desc, configured=MODP_1024, peer using=MODP_768
Dec 11 09:59:20 :103060: |ike| ike_phase_1.c:attribute_unacceptable:2671 Proposal match failed in hash algo, configured=SHA, peer using=MD5
Dec 11 09:59:20 :103060: |ike| ike_phase_1.c:attribute_unacceptable:2689 Proposal match failed in auth algo, configured=RSA_SIG, peer using=unknown
Dec 11 09:59:20 :103060: |ike| ike_phase_1.c:attribute_unacceptable:2711 Proposal match failed in key length, configured=32, peer using=24
Dec 11 09:59:20 :103060: |ike| ike_phase_1.c:attribute_unacceptable:2689 Proposal match failed in auth algo, configured=RSA_SIG, peer using=unknown
Dec 11 09:59:20 :103060: |ike| ike_phase_1.c:attribute_unacceptable:2704 Proposal match failed in group desc, configured=MODP_1024, peer using=MODP_768
Dec 11 09:59:20 :103060: |ike| ike_phase_1.c:attribute_unacceptable:2671 Proposal match failed in hash algo, configured=SHA, peer using=MD5
Dec 11 09:59:20 :103060: |ike| ike_phase_1.c:attribute_unacceptable:2689 Proposal match failed in auth algo, configured=RSA_SIG, peer using=unknown
Dec 11 09:59:20 :103060: |ike| ike_phase_1.c:ike_phase_1_responder_recv_SA:991 Ike Phase 1 received SA
Dec 11 09:59:20 :103063: |ike| ike_phase_1_responder_send_SA_NAT_T
Aruba Employee

Re: RAP ike_phase_1.c:attribute_unacceptable

Hi Aurelien,

I'm asking engineering about this for you, can you tell me what devices are between the RAP and the controller? Does the RAP come up? Also, what version of software are you running? Are you trying to use zero-touch on something other than a 3000 or M3?

thanks,
-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Aruba Employee

Re: RAP ike_phase_1.c:attribute_unacceptable

Hi Aurelien,

It looks like this is a by product of the way the IPsec stack operates in the system. It doesn't mean that a problem exists, that's simply the process for negotiation used by the system.

-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Occasional Contributor II

Re: RAP ike_phase_1.c:attribute_unacceptable

Thanks for your answers.

It was working fine last week but last friday it don't.

I make several change and now it's works.....but I don't know why...

Regards
Aruba Employee

Re: RAP ike_phase_1.c:attribute_unacceptable

Glad it's working for you, if it happens again please let us know and keep track of the changes you're making.

thanks,
-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: