lepiaf
just joined
Topic Author
Posts: 8
Joined: Wed May 31, 2006 1:45 am

IPSec problems

Tue May 06, 2008 6:33 pm

Some strange problems started for (almost) no apparent reason with one of the IPsec tunnels controlled by an RB333 (ROS 3.7); the other side is running a Sidewinder 7.006 Appliance. The problem seems to have appeared when the other side switched version from 6.x to this 7.006, and it manifests in the log file like this:
IPsec-SA request for dst-ip queued due to no phase1 found.
initiate new phase 1 negotiation: sa-ip[500]<=>dst-ip[500]
begin Identity Protection mode.
ISAKMP-SA established sa-ip[500]-dst-ip[500] spi:48dfccec46a46ba6:58892c2c9bcc4a38
initiate new phase 2 negotiation: sa-ip[500]<=>dst-ip[500]
no suitable transform found.
proposal mismathed.
failed to pre-process packet.
phase2 negotiation failed.
respond new phase 2 negotiation: sa-ip[500]<=>dst-ip[500]
invalid length of payload
failed to pre-process packet.
Configuration on either side was not changed; ROS just started to report these issues. The reason I am writing here instead of to Sidewinder support is that the other side is running multiple VPNs to various clients, and we also have another one to the same device, but from a Linux machine, and they are all running OK. We tried all possible combinations of settings, but always end up with these messages. Anyone, anyone? :)

thanx,
Vladimir
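The log excerpt above shows a pattern worth recognising by eye or by script: phase 1 completes (the ISAKMP-SA is established and a cookie pair is logged), then every phase 2 attempt dies on "no suitable transform found" / "proposal mismathed", and the responder-side retry additionally hits "invalid length of payload". The following is an added example, not code from the poster or from MikroTik, that parses racoon/ipsec-tools messages of this shape and reports which phase broke and why. The sample log is constructed from the lines in the post, keeping the poster's sa-ip/dst-ip placeholders; the classification tags and the advice strings are this example's own.

```python
import re

# Constructed sample input: the racoon lines quoted in the post above,
# with the poster's placeholder addresses left in place.
SAMPLE_LOG = """\
IPsec-SA request for dst-ip queued due to no phase1 found.
initiate new phase 1 negotiation: sa-ip[500]<=>dst-ip[500]
begin Identity Protection mode.
ISAKMP-SA established sa-ip[500]-dst-ip[500] spi:48dfccec46a46ba6:58892c2c9bcc4a38
initiate new phase 2 negotiation: sa-ip[500]<=>dst-ip[500]
no suitable transform found.
proposal mismathed.
failed to pre-process packet.
phase2 negotiation failed.
respond new phase 2 negotiation: sa-ip[500]<=>dst-ip[500]
invalid length of payload
failed to pre-process packet.
"""

# Messages that matter for the diagnosis. "mismathed" is racoon's own
# spelling, so the substring match is kept deliberately short.
PHASE1_START = re.compile(r"initiate new phase 1 negotiation: (\S+)<=>(\S+)")
PHASE1_OK = re.compile(r"ISAKMP-SA established \S+ spi:([0-9a-f]+):([0-9a-f]+)")
PHASE2_START = re.compile(r"(initiate|respond) new phase 2 negotiation: (\S+)<=>(\S+)")
PHASE2_ERRORS = {
    "no suitable transform found": "phase2-proposal-mismatch",
    "proposal mismat": "phase2-proposal-mismatch",
    "invalid length of payload": "malformed-payload",
    "phase2 negotiation failed": "phase2-failed",
}


def analyze_racoon_log(text):
    """Walk the log once and summarise where the IKE negotiation broke.

    Returns a dict with:
      phase1          True once an ISAKMP-SA was established
      isakmp_spi      the initiator:responder cookie pair from that line
      phase2_attempts number of initiate/respond phase 2 events seen
      findings        ordered, de-duplicated classification tags
    """
    summary = {"phase1": False, "isakmp_spi": None, "phase2_attempts": 0, "findings": []}
    in_phase2 = False
    for line in text.splitlines():
        line = line.strip()
        if PHASE1_START.search(line):
            in_phase2 = False          # a fresh phase 1 resets the phase 2 context
        m = PHASE1_OK.search(line)
        if m:
            summary["phase1"] = True
            summary["isakmp_spi"] = f"{m.group(1)}:{m.group(2)}"
            continue
        if PHASE2_START.search(line):
            summary["phase2_attempts"] += 1
            in_phase2 = True
            continue
        if in_phase2:
            for needle, tag in PHASE2_ERRORS.items():
                if needle in line and tag not in summary["findings"]:
                    summary["findings"].append(tag)
    return summary


def diagnosis(summary):
    """Turn the summary into the first thing an operator should check."""
    if not summary["phase1"]:
        return "phase 1 never completed: check the IKE proposal, PSK/certificates and reachability of UDP/500"
    if "phase2-proposal-mismatch" in summary["findings"]:
        return ("phase 1 OK, phase 2 rejected by proposal: compare ESP/AH transforms, "
                "PFS group and lifetimes on both peers")
    if "malformed-payload" in summary["findings"]:
        return ("phase 1 OK, peer sent a payload racoon could not parse: "
                "likely an interoperability issue between the two IKE implementations")
    if summary["phase2_attempts"] and "phase2-failed" in summary["findings"]:
        return "phase 2 failed for an unclassified reason"
    return "no failure detected"


if __name__ == "__main__":
    result = analyze_racoon_log(SAMPLE_LOG)
    print(result)
    print(diagnosis(result))
```

Run against the sample, the script reports phase 1 established, two phase 2 attempts, and a proposal mismatch as the leading finding, which narrows the comparison to the phase 2 (IPsec proposal) settings rather than the phase 1 (IKE peer) settings. The later "invalid length of payload" is recorded as a separate finding because it points at a parsing disagreement between the two IKE stacks rather than at configuration.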
 
lepiaf
just joined
Topic Author
Posts: 8
Joined: Wed May 31, 2006 1:45 am

Re: IPSec problems

Wed Jun 18, 2008 10:15 am

Huh, no answer from anyone, but it seems that I've "succeeded" in finding the problem. I've tried to configure m0n0 and pfSense for this purpose, but in the end they both logged the same error as mtik. After some research, I found out that the problem is in the actual Linux IPsec implementation; currently mtik and m0n0/pfSense all use ipsec-tools/KLIPS/racoon for this, but when I switched to Free/Openswan the problem was gone and everything works OK. Is there a chance of putting both systems in tik (maybe as mutually exclusive packages?) so that the user can choose between them?

Vladimir

P.S. This should be moved to RouterOS general, because the problem also appears on x86 installations.
