Analysis, Solution, Symptom – H3C Technologies H3C S6300 Series Switches User Manual

262

2.

When IKE event debugging and packet debugging are enabled, the following messages appear:
IKE event debugging message:

The attributes are unacceptable.

IKE packet debugging message:

Construct notification packet: NO_PROPOSAL_CHOSEN.

Analysis

Certain IKE proposal settings are incorrect.

Solution

1.

Examine the IKE proposal configuration to see whether the two ends have matching IKE proposals.

2.

Modify the IKE proposal configuration to make sure the two ends have matching IKE proposals.

IKE negotiation failed because no IKE proposals or IKE
keychains are referenced correctly

Symptom

1.

The IKE SA is in Unknown state.

display ike sa

Connection-ID Remote Flag DOI

------------------------------------------------------------------

1 192.168.222.5 Unknown IPSEC

Flags:

RD--READY RL--REPLACED FD-FADING

2.

The following IKE event debugging or packet debugging message appeared:
IKE event debugging message:

Notification PAYLOAD_MALFORMED is received.

IKE packet debugging message:

Construct notification packet: PAYLOAD_MALFORMED.

Analysis

•

If the following debugging information appeared, the matched IKE profile is not referencing the
matched IKE proposal:

Failed to find proposal 1 in profile profile1.

•

If the following debugging information appeared, the matched IKE profile is not referencing the

matched IKE keychain:

Failed to find keychain keychain1 in profile profile1.

Solution

•

Verify that the matched IKE proposal (IKE proposal 1 in this debugging message example) is

referenced by the IKE profile (IKE profile 1 in the example).

•

Verify that the matched IKE keychain (IKE keychain 1 in this debugging message example) is
referenced by the IKE profile (IKE profile 1 in the example).