Try to enable debug on Cisco side. https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#iosdbgs
You need to understand which proposal is declined. I also suggest to recheck your cisco and strongswan config to ensure that proposals for SA2 are the same. On Tue, Oct 15, 2019 at 10:44 PM Steve Pniewski - ARTEMUS < [email protected]> wrote: > When we create VPN connection, it goes through 2 phases. Only if both the > phases are successful we can say the connection is success. > > In our case the phase 1 is successful. > > In phase 2 we are getting back a status called “NO_PROPOSAL_CHOSEN’ > message from the cisco router. > > We are not able to identify why this is happening , hence had included the > logs from both sides. > > Anyone have experience with strongSwan connecting to Cisco Router? We > have included logs from both sides. >
