Wireless Access

New Contributor

RAP with IPsec down problem


I havs several RAP with IPsec down status.

The controller process log shows a lot of messages


Aug 7 07:31:40 isakmpd[1496]: <103060> <DBUG> |ike| 125.XXX.XXX.87:4500-> ike_phase_1.c:attribute_unacceptable:2685 Proposal match failed in encryption algo, configured=AES_CBC, peer using=3DES_CBC

Aug 7 07:31:40 isakmpd[1496]: <103060> <DBUG> |ike| 125.XXX.XXX.87:4500-> ike_phase_1.c:attribute_unacceptable:2711 Proposal match failed in auth algo, configured=RSA_SIG, peer using=unknown



below is my crypto configuration,

please give me a hint,

Thank you !


crypto isakmp policy 20

  encryption aes256



crypto isakmp key "a6ee1490ac869fadc7941630cd7d70df47673fb7cc2f8d7f" address netmask

crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac

crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac

crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac

crypto dynamic-map default-dynamicmap 10000

  set transform-set "default-transform" "default-aes" 



no crypto-local isakmp xauth

crypto isakmp eap-passthrough eap-tls

crypto isakmp eap-passthrough eap-peap

crypto isakmp eap-passthrough eap-mschapv2


Guru Elite

Re: RAP with IPsec down problem

The proposal match failed normally just shows the controller cycling through configured crypto maps to try to match the incoming request.  It by itself does not mean anything is wrong.  Eventually it finds the correct one and everything works.


With regards to your issue, has anything changed?  Have there been any outages?  You did not say if anything corresponds with your RAPs being down...

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: