On Fri, Jul 15, 2016 at 2:08 PM, Marc R. Meshurle Jr. <m...@katotech.com> wrote: > x.x.x.x is the PFSense and y.y.y.y is the Cisco > > Jul 16 00:05:54 charon: 11[IKE] <con2000|673> deleting IKE_SA con2000[673] > between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y] > Jul 16 00:05:54 charon: 11[IKE] <con2000|673> received DELETE for IKE_SA > con2000[673] > Jul 16 00:05:54 charon: 11[ENC] <con2000|673> parsed INFORMATIONAL_V1 request > 3030444427 [ HASH D ] > Jul 16 00:05:54 charon: 11[NET] <con2000|673> received packet: from > y.y.y.y[500] to x.x.x.x[500] (84 bytes) > Jul 16 00:05:54 charon: 05[IKE] <con2000|673> received NO_PROPOSAL_CHOSEN > error notify > Jul 16 00:05:54 charon: 05[ENC] <con2000|673> parsed INFORMATIONAL_V1 request > 1608868438 [ HASH N(NO_PROP) ]
No proposal means something doesn't match in your config. The ASA is sending that, it might be logging something more useful as to why it's sending NO_PROP. No way to tell anything other than "config doesn't match" from the logs on that side. It's a mismatch in P1. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
