The following logs show a Phase 1 policy mismatch error.

NSX Edge

The NSX Edge hangs in the STATE_MAIN_I1 state. Look in /var/log/messages for information showing that the peer sent back an IKE message with "NO_PROPOSAL_CHOSEN" set.

000 #1: "s1-c1":500 STATE_MAIN_I1 (sent MI1, 
      expecting MR1); EVENT_RETRANSMIT in 7s; nodpd; idle; 
      import:admin initiate
000 #1: pending Phase 2 for "s1-c1" replacing #0
Aug 26 12:31:25 weiqing-desktop ipsec[6569]: 
      | got payload 0x800(ISAKMP_NEXT_N) needed: 0x0 opt: 0x0
Aug 26 12:31:25 weiqing-desktop ipsec[6569]:
      | ***parse ISAKMP Notification Payload:
Aug 26 12:31:25 weiqing-desktop ipsec[6569]: 
      |    next payload type: ISAKMP_NEXT_NONE
Aug 26 12:31:25 weiqing-desktop ipsec[6569]: |    length: 96
Aug 26 12:31:25 weiqing-desktop ipsec[6569]: 
      |    DOI: ISAKMP_DOI_IPSEC
Aug 26 12:31:25 weiqing-desktop ipsec[6569]: |    protocol ID: 0
Aug 26 12:31:25 weiqing-desktop ipsec[6569]: |    SPI size: 0
Aug 26 12:31:25 weiqing-desktop ipsec[6569]: 
      |    Notify Message Type: NO_PROPOSAL_CHOSEN
Aug 26 12:31:25 weiqing-desktop ipsec[6569]:
      "s1-c1" #1: ignoring informational payload, 
       type NO_PROPOSAL_CHOSEN msgid=00000000

Cisco

If debug crypto is enabled, an error message is displayed showing that no proposals were accepted.

ciscoasa# Aug 26 18:17:27 [IKEv1]: 
      IP = 10.20.129.80, IKE_DECODE RECEIVED 
      Message (msgid=0) with payloads : HDR + SA (1)
      + VENDOR (13) + VENDOR (13) + NONE (0) total length : 148
Aug 26 18:17:27 [IKEv1 DEBUG]: IP = 10.20.129.80, 
      processing SA payload
Aug 26 18:17:27 [IKEv1]: Phase 1 failure:  Mismatched attribute 
      types for class Group Description:  Rcv'd: Group 5  
      Cfg'd: Group 2
Aug 26 18:17:27 [IKEv1]: Phase 1 failure:  Mismatched attribute 
      types for class Group Description:  Rcv'd: Group 5  
      Cfg'd: Group 2
Aug 26 18:17:27 [IKEv1]: IP = 10.20.129.80, IKE_DECODE SENDING 
      Message (msgid=0) with payloads : HDR + NOTIFY (11)
      + NONE (0) total length : 124
Aug 26 18:17:27 [IKEv1 DEBUG]: IP = 10.20.129.80, 
      All SA proposals found unacceptable
Aug 26 18:17:27 [IKEv1]: IP = 10.20.129.80, Error processing 
      payload: Payload ID: 1
Aug 26 18:17:27 [IKEv1 DEBUG]: IP = 10.20.129.80, IKE MM Responder
      FSM error history (struct &0xd8355a60)  <state>, <event>:  
      MM_DONE, EV_ERROR-->MM_START, EV_RCV_MSG-->MM_START, 
      EV_START_MM-->MM_START, EV_START_MM-->MM_START, 
      EV_START_MM-->MM_START, EV_START_MM-->MM_START, 
      EV_START_MM-->MM_START, EV_START_MM
Aug 26 18:17:27 [IKEv1 DEBUG]: IP = 10.20.129.80, IKE SA 
      MM:9e0e4511 terminating:  flags 0x01000002, refcnt 0, 
      tuncnt 0
Aug 26 18:17:27 [IKEv1 DEBUG]: IP = 10.20.129.80, sending 
      delete/delete with reason message
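The two excerpts above can be triaged together. The following is an added example, not VMware or Cisco code: it rejoins the wrapped log records and reports which Phase 1 attribute mismatched and which connection received NO_PROPOSAL_CHOSEN. The names `unwrap` and `phase1_findings` are hypothetical, and `SAMPLE` is constructed from lines in the excerpts above.

```python
import re

# Constructed sample: lines taken from the two excerpts above, wrapping kept.
SAMPLE = '''\
Aug 26 12:31:25 weiqing-desktop ipsec[6569]:
      "s1-c1" #1: ignoring informational payload,
       type NO_PROPOSAL_CHOSEN msgid=00000000
Aug 26 18:17:27 [IKEv1]: Phase 1 failure:  Mismatched attribute
      types for class Group Description:  Rcv'd: Group 5
      Cfg'd: Group 2
Aug 26 18:17:27 [IKEv1]: Phase 1 failure:  Mismatched attribute
      types for class Group Description:  Rcv'd: Group 5
      Cfg'd: Group 2
Aug 26 18:17:27 [IKEv1 DEBUG]: IP = 10.20.129.80,
      All SA proposals found unacceptable
'''

MISMATCH = re.compile(r"Phase 1 failure: Mismatched attribute types for class "
                      r"(?P<cls>.+?): Rcv'd: (?P<rcvd>.+?) Cfg'd: (?P<cfgd>.+)$")
REJECTED = re.compile(r'"(?P<conn>[^"]+)" #\d+: ignoring informational payload, '
                      r"type NO_PROPOSAL_CHOSEN")

def unwrap(text):
    """Join indented continuation lines onto the record they belong to."""
    records = []
    for line in text.splitlines():
        if line[:1].isspace() and records:
            records[-1] += " " + line.strip()
        elif line.strip():
            records.append(line.strip())
    # Collapse runs of whitespace so the patterns do not depend on the wrapping.
    return [re.sub(r"\s+", " ", r) for r in records]

def phase1_findings(text):
    """Return de-duplicated findings in order of first appearance."""
    findings = []
    for rec in unwrap(text):
        m = MISMATCH.search(rec)
        if m:
            # Cisco side: attribute class, value received, value configured.
            item = ("mismatch", m["cls"], m["rcvd"], m["cfgd"])
        else:
            m = REJECTED.search(rec)
            if not m:
                continue
            # NSX Edge side: connection whose proposal the peer rejected.
            item = ("rejected", m["conn"])
        if item not in findings:
            findings.append(item)
    return findings
```

On the sample, the result names the Diffie-Hellman group as the mismatched attribute: the Cisco device received Group 5 but is configured for Group 2, so the Phase 1 settings on the two peers must be aligned.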