Displaying a host public key – H3C Technologies H3C S12500-X Series Switches User Manual
Page 177
165
481B
Analysis
Certain IKE proposal settings are incorrect.
482B
Solution
1.
Examine the IKE proposal configuration to see whether the two ends have matching IKE proposals.
2.
Modify the IKE proposal configuration to make sure the two ends have matching IKE proposals.
258B
IKE negotiation failed because no IKE proposals or IKE
keychains are referenced correctly
483B
Symptom
1.
The IKE SA is in Unknown state.
<Sysname> display ike sa
Connection-ID Remote Flag DOI
------------------------------------------------------------------
1 192.168.222.5 Unknown IPSEC
Flags:
RD--READY RL--REPLACED FD-FADING
2.
The following IKE event debugging or packet debugging message appeared:
IKE event debugging message:
Notification PAYLOAD_MALFORMED is received.
IKE packet debugging message:
Construct notification packet: PAYLOAD_MALFORMED.
484B
Analysis
•
If the following debugging information appeared, the matched IKE profile is not referencing the
matched IKE proposal:
Failed to find proposal 1 in profile profile1.
•
If the following debugging information appeared, the matched IKE profile is not referencing the
matched IKE keychain:
Failed to find keychain keychain1 in profile profile1.
485B
Solution
•
Verify that the matched IKE proposal (IKE proposal 1 in this debugging message example) is
referenced by the IKE profile (IKE profile 1 in the example).
•
Verify that the matched IKE keychain (IKE keychain 1 in this debugging message example) is
referenced by the IKE profile (IKE profile 1 in the example).