Skip to main content
jonniew
jonniew
New Member
October 24, 2013
Question

Quick mode selector is not working

  • October 24, 2013
  • 3 replies
  • 13926 views
Im trying to get up an ipsec VPN in interface mode. Im already set in the gui in p2 the Quickmode selector to source: 192.168.60.0/24 destination: 192.168.10.9/24 The debug output shows that is not working: ike 0:vpnipsec_m:1692:5682: peer proposal is: peer:0:192.168.10.0-192.168.10.255:0, me:0:192.168.60.0-192.168.60.255:0 ike 0:vpnipsec_m:1692:vpn_ipsec_m:5682: trying ike 0:vpnipsec_m:1692:5682: specified selectors mismatch ike 0:vpnipsec_m:1692:5682: peer: type=7/7, local=0:192.168.60.0-192.168.60.255:0, remote=0:192.168.10.0-192.168.10.255:0 ike 0:vpnipsec_m:1692:5682: mine: type=7/7, local=0:0.0.0.0-255.255.255.255:0, remote=0:0.0.0.0-255.255.255.255:0 ike 0:vpnipsec_m:1692:5682: no matching phase2 found ike 0:vpnipsec_m:1692:5682: failed to get responder proposal What could the reason ? What make I wrong ? Thanks for any help !

    3 replies

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    October 24, 2013
    Who is talking to whom? Which is local, which is remote? Seems to have source and destination the wrong way around. And, local side has wildcard selectors - at least the source side should be known.
    jonniew
    jonniewAuthor
    New Member
    October 24, 2013
    Hello Ede Thanks for your fast response: local is: 192.168.60.0/24 remote is 192.168.10.0/24 The 9 in 192.168.10.9/24 was a type error here in the ticket. I already tried to switch remote and local withot any success. I alway get the same debug output which shown that the selector in the firewall is ike 0:vpnipsec_m:1692:5682: mine: type=7/7, local=0:0.0.0.0-255.255.255.255:0, remote=0:0.0.0.0-255.255.255.255:0
    emnoc
    emnoc
    New Member
    October 25, 2013
    this should be a clue? 0:192.168.10.0-192.168.10.255:0, me:0:192.168.60.0-192.168.60.255:0 and 0:0.0.0.0-255.255.255.255:0, remote=0:0.0.0.0-255.255.255.255:0 What are you connecting to ( fgt,asa,chkpt,sonicwall,etc....) ? What exactly do you have configured on phase2 local/remote proxy-id vrs what does the other end have config ? i.e src 0.0.0.0/0 port 0 dst 0.0.0.0/0 port 0 or src 192.168.60.0/24 to dst 192.168.10.0/24 ( a copy of the gui vpn ipsec monitor or show vpn ipsec phase2-interface would be better )
    Terms & ConditionsAccessibility statement