
IKE v2 doesn't have a proposal specified

Erik-234577235
Level 1

Why do I get that error, even when IKEv2 has never been used or enabled in an L2L config?

On 4 identically configured ASAs, I only get that error on 1 device, and so the tunnel doesn't come up.

Thx for tips

DN


Marvin Rhoads
Hall of Fame

There must be something different with the non-working one.

I would assume you've verified the software version (8.4(1) or later) and the configuration lines supporting your IKEv2 L2L tunnel?

Beyond that, I'd suggest providing the config for us to have a first-hand look.

All ASAs have 8.4.3 installed.

I have NO IKEv2 activated. So why should I find lines supporting that? The pre-installed IKE policies are there, yes. But nothing more. I will provide you with the configs as soon as the devices are reachable again...

--edit--

In the main office I see 3 ASAs connecting in the syslog messages. The one with the most problems is not visible.

I'm connected via RDP to a server behind the ASA in the branch office. From there I have ASDM open and I can see that the ASA tries to build up the tunnel. But at the main office I don't see any attempt to connect.

Very strange. How can that be? From that ASA I can ping the public IP of the main office - and there I see the pings coming and replying.

Thx

DN

Could you have possibly omitted specifying IKE version altogether on the non-working VPN tunnel? That was the default prior to 8.4 when there was no IKEv2 support.

That might cause it to try both protocols and, since neither end has an IKEv2 proposal chosen, fail with the message you are seeing.
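
The comparison suggested in this thread (finding what differs on the one non-working ASA, including a crypto map entry with no IKE version set) can be scripted over saved running configs. This is an added example, not code from the thread or from Cisco; the sample configs, names and addresses are constructed, and the command forms assume ASA 8.4 syntax.

```python
import re
from collections import Counter

# Constructed sample configs (not from the thread); command forms assume ASA 8.4 syntax.
WORKING = """\
crypto ipsec ikev1 transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 1 match address l2l_acl
crypto map outside_map 1 set peer 192.0.2.1
crypto map outside_map 1 set ikev1 transform-set ESP-AES-SHA
crypto map outside_map interface outside
crypto ikev1 enable outside
"""
# Same config with the IKE version/proposal line omitted from the crypto map entry.
BROKEN = WORKING.replace(
    "crypto map outside_map 1 set ikev1 transform-set ESP-AES-SHA\n", "")

CRYPTO_LINE = re.compile(r"^(crypto |tunnel-group )")
MAP_ENTRY = re.compile(r"^crypto map (\S+) (\d+) ")
MAP_SET = re.compile(
    r"^crypto map (\S+) (\d+) set (ikev1 transform-set|ikev2 ipsec-proposal) ")

def crypto_lines(config):
    """Return the set of VPN-related lines with surrounding whitespace removed."""
    return {l.strip() for l in config.splitlines() if CRYPTO_LINE.match(l.strip())}

def map_ike_versions(config):
    """Map (crypto map name, sequence) -> IKE versions that have a proposal set."""
    result = {}
    for line in crypto_lines(config):
        entry = MAP_ENTRY.match(line)
        if entry:
            key = (entry.group(1), int(entry.group(2)))
            versions = result.setdefault(key, set())
            setting = MAP_SET.match(line)
            if setting:
                versions.add(setting.group(3).split()[0])
    return result

def odd_one_out(configs):
    """Per device: crypto lines it lacks, or has in addition, versus the majority."""
    counts = Counter(l for c in configs.values() for l in crypto_lines(c))
    majority = {l for l, n in counts.items() if n > len(configs) / 2}
    return {name: {"missing": sorted(majority - crypto_lines(c)),
                   "extra": sorted(crypto_lines(c) - majority)}
            for name, c in configs.items()}
```

Lines that are legitimately unique to a device (for example its own addresses) show up under `extra` on that device, so read the report with that in mind.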
