IPSec Tunnel negotiation failure - VID unknown (12)
Good morning,
I'm trying to connect my 600D(v6.0.3b200) to Oracle Cloud. I can't get the tunnel to establish, though I'm fairly certain I have everything matched up. Any help would be greatly appreciated!
When doing an IKE debug in the command line, I get:
ike 0: comes 129.xxx.xxx.xxx:500->216.yyy.yyy.yyy:500,ifindex=9....
ike 0: IKEv1 exchange=Identity Protection id=a8d0ca6a5fcf7131/0000000000000000 len=224
ike 0: in A8D0CA6A5FCF713100000000000000000110020000000000000000E00D00003C000000010000000100000030000100010000002800010000800B0001000C0004000151808001000780020004800300018004000E800E01000D0000104F456E4847404740514665600D000014AFCAD71368A1F1C96B8696FC775701000D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D00001490CB80913EBB696E086381B5EC427B1F0D000014CD60464335DF21F87CFDB2FC68B6A448000000144485152D18B6BBCD0BE8A8469579DDCC
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: responder: main mode get 1st message...
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: VID unknown (12): OEnHG@G@QFe`
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: VID RFC 3947 4A131C81070358455C5728F20E95452F
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: VID draft-ietf-ipsec-nat-t-ike-03 7D9419A65310CA6F2C179D9215529D56
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: VID draft-ietf-ipsec-nat-t-ike-00 4485152D18B6BBCD0BE8A8469579DDCC
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: incoming proposal:
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: proposal id = 0:
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: protocol id = ISAKMP:
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: trans_id = KEY_IKE.
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: encapsulation = IKE/none
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=256
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: type=OAKLEY_HASH_ALG, val=SHA2_256.
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: type=OAKLEY_GROUP, val=MODP2048.
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: ISAKMP SA lifetime=86400
ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: negotiation failure
ike Negotiate ISAKMP SA Error: ike 0:a8d0ca6a5fcf7131/0000000000000000:638684: no SA proposal chosen
My config on the 600D is:
config vpn ipsec phase1-interface
edit "ORACLE-CLOUD"
set interface "port10"
set ike-version 2
set peertype any
set proposal aes256-sha256
set dhgrp 14
set remote-gw 129.xxx.xxx.xxx
set psksecret ENC F0z[...]Q==
next
end
config vpn ipsec phase2-interface
edit "ORACLE-CLOUD"
set phase1name "ORACLE-CLOUD"
set proposal aes256-sha256
set dhgrp 14
set replay disable
set src-addr-type name
set dst-addr-type name
set keylifeseconds 3600
set src-name "all"
set dst-name "ORACLE-CLOUD"
next
end
See attached image for my Oracle Cloud config
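
The raw packet on the "ike 0: in ..." debug line can be decoded by hand to see exactly what the peer sent. The following is an added example, not part of the original post and not Fortinet code: a minimal ISAKMP (RFC 2408) header and payload walker in Python, with the function names and the single-proposal assumption being mine.

```python
import struct

# Packet bytes copied from the "ike 0: in ..." debug line in the post.
PACKET = bytes.fromhex(
    "A8D0CA6A5FCF713100000000000000000110020000000000000000E0"
    "0D00003C000000010000000100000030000100010000002800010000"
    "800B0001000C0004000151808001000780020004800300018004000E800E0100"
    "0D0000104F456E484740474051466560"
    "0D000014AFCAD71368A1F1C96B8696FC77570100"
    "0D0000144A131C81070358455C5728F20E95452F"
    "0D0000147D9419A65310CA6F2C179D9215529D56"
    "0D00001490CB80913EBB696E086381B5EC427B1F"
    "0D000014CD60464335DF21F87CFDB2FC68B6A448"
    "000000144485152D18B6BBCD0BE8A8469579DDCC")

def parse_isakmp(raw):
    """Decode the 28-byte ISAKMP header, then walk the payload chain (RFC 2408)."""
    _, _, nxt, ver, exch, _, _, length = struct.unpack("!8s8sBBBBII", raw[:28])
    if length != len(raw):
        raise ValueError("header length field does not match packet size")
    payloads, off = [], 28
    while nxt:  # next-payload type 0 terminates the chain
        if off + 4 > len(raw):
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack("!BBH", raw[off:off + 4])
        if plen < 4 or off + plen > len(raw):
            raise ValueError("payload length out of bounds")
        payloads.append((nxt, raw[off + 4:off + plen]))
        nxt, off = following, off + plen
    return {"ike_major": ver >> 4, "exchange": exch, "payloads": payloads}

def sa_attributes(body):
    """Attributes of the single transform (assumes one proposal, SPI size 0)."""
    off, attrs = 24, {}  # skip DOI, situation, proposal and transform headers
    while off + 4 <= len(body):
        atype, val = struct.unpack("!HH", body[off:off + 4])
        if atype & 0x8000:  # TV form: 16-bit value sits in the header
            attrs[atype & 0x7FFF] = val
            off += 4
        else:               # TLV form: val is the length of the value that follows
            attrs[atype] = int.from_bytes(body[off + 4:off + 4 + val], "big")
            off += 4 + val
    return attrs

if __name__ == "__main__":
    msg = parse_isakmp(PACKET)
    print("IKE major version:", msg["ike_major"], "exchange type:", msg["exchange"])
    for ptype, body in msg["payloads"]:
        print("SA" if ptype == 1 else "VID", sa_attributes(body) if ptype == 1 else body.hex())
```

On this packet the header decodes to major version 1 and exchange type 2 (Identity Protection), while the phase1 config in the post sets ike-version 2. The first vendor ID payload is the 12-byte value that the debug output prints as "VID unknown (12)".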
