NetApp Knowledge Base

IPsec connection attempt fails with No Proposals Chosen

Category: ontap-9
Specialty: nas

Applies to

  • ONTAP 9
  • IPsec
  • Libreswan
  • strongSwan

Issue

  • Initiating new IPsec connections fails with error "No Proposals Chosen"
  • Libreswan Pluto logs show:
    • netapp.transport" #1: initiating v2 parent SA
      Jul  2 10:50:06 d00000-a-20526 pluto[26683]: "netapp.transport" #1: local IKE proposals for netapp.transport (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_384;INTEG=NONE;DH=ECP_384
      Jul  2 10:50:06 d00000-a-20526 pluto[26683]: "netapp.transport" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
      Jul  2 10:50:06 d00000-a-20526 pluto[26683]: "netapp.transport" #1: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN
  • Packet trace shows:
    • Frame 2: 80 bytes on wire (640 bits), 80 bytes captured (640 bits)
      Internet Protocol Version 4, Src: 10.7.44.xx, Dst: 10.7.26.xx
      User Datagram Protocol, Src Port: 500, Dst Port: 500
      Internet Security Association and Key Management Protocol
          Initiator SPI: b21063e9777cedc9
          Exchange type: IKE_SA_INIT (34)
          Payload: Notify (41) - NO_PROPOSAL_CHOSEN
              Notify Message Type: NO_PROPOSAL_CHOSEN (14)
  • ONTAP Charon logs show:
    • Jul  3 09:19:27.456 11[CFG] received proposals: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384
      Jul  3 09:19:27.457 11[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384
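
The two Charon lines above can be compared mechanically to see which transform type has no algorithm in common. The following is an added example, not part of the NetApp article or of ONTAP or strongSwan; the name-prefix classification and the comma-separated handling of multiple proposals are assumptions of this sketch.

```python
import re

# Constructed sample: the two charon [CFG] lines quoted in the article above.
SAMPLE_LOG = """\
Jul  3 09:19:27.456 11[CFG] received proposals: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384
Jul  3 09:19:27.457 11[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384
"""

LINE_RE = re.compile(r"\[CFG\] (received|configured) proposals: (.+)$", re.M)

# Name-prefix heuristic for transform types (an assumption of this example).
PREFIXES = (("PRF", ("PRF_",)), ("DH", ("MODP_", "ECP_", "CURVE_")),
            ("INTEG", ("HMAC_", "AES_XCBC", "AES_CMAC")))

def transform_type(name):
    """Classify a transform name; anything unrecognised is treated as encryption."""
    return next((t for t, p in PREFIXES if name.startswith(p)), "ENCR")

def parse_proposals(log_text):
    """Return {'received': [...], 'configured': [...]}; each item maps type -> set of names."""
    sides = {"received": [], "configured": []}
    for m in LINE_RE.finditer(log_text):
        # Assumption: several proposals on one line are comma-separated.
        for prop in m.group(2).split(","):
            by_type = {}
            for name in prop.strip().partition(":")[2].split("/"):
                by_type.setdefault(transform_type(name), set()).add(name)
            sides[m.group(1)].append(by_type)
    return sides

def mismatches(received, configured):
    """List (type, received names, configured names) for types with no common algorithm."""
    out = []
    for ttype in ("ENCR", "INTEG", "PRF", "DH"):
        r, c = received.get(ttype, set()), configured.get(ttype, set())
        if ttype == "INTEG" and not (r and c):
            continue  # AEAD proposals (GCM/CCM) omit the integrity transform
        if not r & c:
            out.append((ttype, sorted(r), sorted(c)))
    return out

def diagnose(log_text):
    """Compare every received proposal with every configured one."""
    sides = parse_proposals(log_text)
    return [mismatches(r, c) for r in sides["received"] for c in sides["configured"]]

if __name__ == "__main__":
    for pair in diagnose(SAMPLE_LOG):
        print(pair or "compatible proposal pair")
```

An empty list for any pair means that received proposal and that configured proposal share an algorithm for every transform type; the parser expects Charon's slash-separated format, not Pluto's `ENCR=...;PRF=...` form.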
 


NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.