No matching IPsec selector, drop

Forum|Forum|7 years ago
July 19, 2018
1 reply
8579 views

good day all.

i am stuck with this error message on my IPsec tunnel and do not know how to proceed. can anyone assist me please.

id=20085 trace_id=342 func=print_pkt_detail line=5319 msg="vd-DPRVR01OUTR received a packet(proto =1, 10.20.192.8:44384->172.16.200.75:2048) from local. type=8, code=0, id=44384, seq=2." id=20085 trace_id=342 func=resolve_ip_tuple_fast line=5394 msg="Find an existing session, id-01fe 94f9, original direction" id=20085 trace_id=342 func=ipsecdev_hard_start_xmit line=178 msg="enter IPsec interface-VPN_SBSA- RASG" id=20085 trace_id=342 func=ipsec_common_output4 line=816 msg="No matching IPsec selector, drop"

how do i create a matching IPsec selector

regards

Troubled soul

emnoc

New Member

Check the local/remote subnets between the two vpn gateways. They need to match

example IPSEC S2S siteA to siteB

siteA

set src-subnet 10.1.1.0/24

set dst-subnet 10.1.2.0/24

siteB:

set dst-subnet 10.1.1.0/24

set src-subnet 10.1.2.0/24

You probably have the TS wrong in the phase2- settings

ken

selassiAuthor

New Member

Thank you for your response.

i realised like what you said in your response that there are inconsistent gateway ips. however when i change my IP to the corressponding gateway my partner is using, my tunnel goes down and it will not come up. however when i run the diag debug the error message for no matching IP selectors stops. how can i troubleshoot the tunnel itself?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded