Manualshelf

R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
251252253254255256257258259260
244
[inbound ESP SAs]
spi: 110534512 (0x6969f70)
transform: ESP-ENCRYPT-DES ESP-AUTH-SHA1
in use setting: Tunnel
connection id: 1
sa duration (kilobytes/sec): 1843200/3600
sa remaining duration (kilobytes/sec): 1843199/965
anti-replay detection: Enabled
anti-replay window size(counter based): 32
udp encapsulation used for nat traversal: N
communication entity: Responder
status: --
[outbound ESP SAs]
spi: 118757629 (0x71418fd)
proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1
in use setting: Tunnel
connection id: 1
sa duration (kilobytes/sec): 1843200/3600
sa remaining duration (kilobytes/sec): 1843199/965
anti-replay detection: Enabled
anti-replay window size(counter based): 32
udp encapsulation used for nat traversal: N
communication entity: Responder
status: --
Troubleshooting IKEv2
To troubleshoot IKEv2, use the following command to enable IKEv2 error debugging.
<Sysname> debugging ikev2 error
No matching IKEv2 proposal found
Symptom
The two peers find no matching IKEv2 proposal.
Analysis
At the IKE_SA_INIT exchange phase, two peers must have a matching IKEv2 proposal.
Solution
Verify that the IKEv2 proposals of the peers' IKEv2 policies have a set of matching algorithms, including
the encryption algorithm, integrity protection algorithm, PRF algorithm, and DH group.