- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Practical Tutorial
- IPsec VPN
- Connect via Direct Connect or VPN Connection to Interconnect the Primary and Replica Links for Redundant Communication (Auto-Switch)
- Hybrid Cloud Primary/Secondary Communication (DC and VPN)
- Connecting IDC to CCN
- Local Gateway Configurations
- Connecting IDC to a Single Tencent Cloud VPC for Primary/Secondary Disaster Recovery
- Dedicated Private Network Traffic Encrypted Via a Private Network VPN Gateway
- Establishing a VPN Connection between Tencent Cloud and Azure China
- Establishing Connection Between IDC and Cloud Resources (Dynamic BGP)
- SSL VPN
- IPsec VPN
- API Documentation
- FAQs
- Troubleshooting
- Service Agreement
- Contact Us
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Practical Tutorial
- IPsec VPN
- Connect via Direct Connect or VPN Connection to Interconnect the Primary and Replica Links for Redundant Communication (Auto-Switch)
- Hybrid Cloud Primary/Secondary Communication (DC and VPN)
- Connecting IDC to CCN
- Local Gateway Configurations
- Connecting IDC to a Single Tencent Cloud VPC for Primary/Secondary Disaster Recovery
- Dedicated Private Network Traffic Encrypted Via a Private Network VPN Gateway
- Establishing a VPN Connection between Tencent Cloud and Azure China
- Establishing Connection Between IDC and Cloud Resources (Dynamic BGP)
- SSL VPN
- IPsec VPN
- API Documentation
- FAQs
- Troubleshooting
- Service Agreement
- Contact Us
- Glossary
IPSec VPN Error Description for Negotiation Failure
Last updated: 2024-12-20 10:45:28
Negotiation Phase | Error Prompt Information | Description |
IKE Negotiation | no match proposal | The IKE policies configured on the cloud side and the client side are inconsistent, please check. |
| DH group not supported | The DH group configured on the client side is not supported by the cloud side, please modify your local configuration. |
| responder no peer config found by ID payload | The Local Identifier and Peer Identification configured on the cloud side are inconsistent with those configured on the client side, resulting in no response from the Responder. |
| initiator no peer config found by ID payload | The Local Identifier and Peer Identification configured on the cloud side are inconsistent with those configured on the client side, resulting in no response from the Requester. |
| received xxx error notify | The cloud side received a message of negotiation failure from the client side. |
IPSec Negotiation | DH group xxx not supported | The DH Group configured on the client side is not supported by the cloud side, please modify your local DH Group. |
| reponder no matching CHILD_SA config for TS | The ts configured on the cloud side and the client side are inconsistent, please check. |
| no matching proposal, configured xxx, received xxx | The child configurations on the cloud side and the client side do not match. |
| received xxx error notify in the payload | The cloud side received a message of negotiation failure from the client side. |
Phase 1 | IKE_NEGO: received NO_PROPOSAL_CHOSEN error notify | The cloud side received a message of negotiation failure from the client side. Possible cause: The Internet Key Exchange (IKE) configurations were inconsistent. |
| IKE_NEGO: retransmit IKEv1 Main Mode Initiator 5th message 2 times, message ID 0 | Number of times the cloud side retransmitted the IKE negotiation messages. Possible cause: There was no response from the client-side VPN gateway or there was an issue with the public network. |
| TANS_IKE_NEGO: invalid HASH_V1 payload length, decryption failed | The cloud side failed to decrypt the message. Possible cause: The negotiated secrets were inconsistent, resulting in decryption failure, decrypted garbled characters, or non-standard protocol messages. |
| IKE_SA_ESTABLISH_FAIL:Failed to establish IKE SA for the reason of no matching proposal, configured [IKE:xxx/xxx/xxx/xxx], received [IKE:xxx/xxx/xxx/xxx]. ike connection: xxx, my ip: x.x.x.x, peer ip: x.x.x.x. | Phase 1 negotiation failed. Possible cause: The IKE policies configured on the cloud side and the client side were inconsistent. |
| IKE_SA_ESTABLISH_FAIL:Failed to establish IKE SA for the reason of responder no peer config found by ID payload, received[ID_IPV4_ADDR:x.x.x.x]. ike connection: xxx, my ip: x.x.x.x, peer ip: x.x.x.x. | Phase 1 negotiation failed. Possible cause: The IKE identifiers on the cloud side and the client side were inconsistent or the negotiation modes were inconsistent. |
| IKE_SA_ESTABLISH_FAIL:Failed to establish IKE SA for the reason of initiator no peer config found by ID payload, configured[ID_IPV4_ADDR:x.x.x.x], received[ID_IPV4_ADDR:x.x.x.x]. ike connection: , my ip: x.x.x.x, peer ip: x.x.x.x. | Phase 1 negotiation failed. Possible cause: The IKE identifiers on the cloud side and the client side were inconsistent. |
| IKE_SA_ESTABLISH_FAIL:Failed to establish IKE SA for the reason of peer no response. ike connection: xxx, my ip: x.x.x.x, peer ip: x.x.x.x. | Phase 1 negotiation failed. Possible cause: No response was received from the client side. |
| IKE_SA_ESTABLISH_FAIL:Failed to establish IKE SA for the reason of no matching secret. ike connection: xxx, my ip: x.x.x.x, peer ip: x.x.x.x. | Phase 1 negotiation failed. Possible cause: The pre-shared keys on the cloud side and the client side were inconsistent. |
| IKE_NEGO: retransmit IKEv1 Main Mode Initiator x st message x times, message ID x | The VPN tunnel (vpnx-xxx) shows retransmission of IKE V1 main mode messages. Possible cause: There was no response from the peer. |
Phase 2 | n of no matching proposal, configured [ESP:xxx/xxx/xxx/xxx], received [ESP:xxx/xxx/xxx/xxx]. ike connection: xxx, my ip: x.x.x.x, peer ip: x.x.x.x. | Phase 2 negotiation failed. Possible cause: The IPSec parameters configured on the cloud side and the client side were inconsistent. |
| IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPSEC SA for the reason of reponder no matching CHILD_SA config for TS, recieved[x.x.x.x/xx === x.x.x.x/xx]. ike connection: xxx, my ip: x.x.x.x, peer ip: x.x.x.x. | Phase 2 negotiation failed. Possible cause: The traffic of interest configured on the cloud side and the client side did not match. |
DPD | IKE_NEGO: retransmit x of request with message ID xx; IKE_NEGO: retransmit IKEv2 DPD Initiator request x times, message ID xx | The VPN tunnel shows retransmission of Dead Peer Detection (DPD) messages. Possible cause: There was no response from the peer or there was a quality issue with the public network. Note: DPD message retransmission does not necessarily indicate a VPN fault. |
Health check | ALERT/SGW_VPN_PROBE_FAIL: VPN link probe fail, Connection ID:xxx_conn, User gateway IP: x.x.x.x, SGW Management IP: x.x.x.x | VPN tunnel health check failed. Possible cause: The peer did not respond to VPN tunnel health check messages. Note: Health check failure does not necessarily indicate a VPN fault. |
Yes
No
Was this page helpful?