08-09-2014 07:47 AM
I havs several RAP with IPsec down status.
The controller process log shows a lot of messages
Aug 7 07:31:40 isakmpd: <103060> <DBUG> |ike| 125.XXX.XXX.87:4500-> ike_phase_1.c:attribute_unacceptable:2685 Proposal match failed in encryption algo, configured=AES_CBC, peer using=3DES_CBC
Aug 7 07:31:40 isakmpd: <103060> <DBUG> |ike| 125.XXX.XXX.87:4500-> ike_phase_1.c:attribute_unacceptable:2711 Proposal match failed in auth algo, configured=RSA_SIG, peer using=unknown
below is my crypto configuration,
please give me a hint,
Thank you !
crypto isakmp policy 20
crypto isakmp key "a6ee1490ac869fadc7941630cd7d70df47673fb7cc2f8d7f" address 0.0.0.0 netmask 0.0.0.0
crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac
crypto dynamic-map default-dynamicmap 10000
set transform-set "default-transform" "default-aes"
no crypto-local isakmp xauth
crypto isakmp eap-passthrough eap-tls
crypto isakmp eap-passthrough eap-peap
crypto isakmp eap-passthrough eap-mschapv2
08-09-2014 10:27 AM
The proposal match failed normally just shows the controller cycling through configured crypto maps to try to match the incoming request. It by itself does not mean anything is wrong. Eventually it finds the correct one and everything works.
With regards to your issue, has anything changed? Have there been any outages? You did not say if anything corresponds with your RAPs being down...
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base