"no ike version matches this connection" is ambiguous; if the connection is failing to come up it's an error and the underlying cause needs to be fixed. If you have a mix of IKE1 and IKE2 stuff and the IKE2 stuff is warning that it can't do negotiations with IKE1, but proceeding to complete negotiations, then it's not a problem. I'm with Marius, we need more configuration information and log file to provide context for advice. What other crypto-related messages are being logged?
Also, could you post sanitized versions of things like:
sho run crypto
The amount of log information collected will go up if you can do things like:
logging trap debugging
debug crypto ...
Historically Cisco has suggested debug levels of 10, 120, and 254 to me depending on what we were looking for.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...