HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 246
Analysis, Solution, IPsec SA negotiation failed due to invalid identity information, Symptom
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 246 highlights
Analysis Certain IPsec policy settings are incorrect. Solution 1. Examine the IPsec configuration to see whether the two ends have matching IPsec transform sets. 2. Modify the IPsec configuration to make sure the two ends have matching IPsec transform sets. IPsec SA negotiation failed due to invalid identity information Symptom 1. The display ike sa command shows that the IKE SA negotiation succeeded and the IKE SA is in RD state, but the display ipsec sa command shows that the expected IPsec SA has not been negotiated yet. 2. The following IKE debugging message appeared: Notification INVALID_ID_INFORMATION is received. Or: Failed to get IPsec policy when renegotiating IPsec SA. Delete IPsec SA. Construct notification packet: INVALID_ID_INFORMATION. Analysis Certain IPsec policy settings of the responder are incorrect. Verify the settings as follows: 1. Use the display ike sa verbose command to verify that matching IKE profiles were found in IKE negotiation phase 1. If no matching IKE profiles were found and the IPsec policy is referencing an IKE profile, the IPsec SA negotiation fails. # Verify that matching IKE profiles were found in IKE negotiation phase 1. display ike sa verbose Connection ID: 3 Outside VPN: Inside VPN: Profile: Transmitting entity: Responder Local IP: 192.168.222.5 Local ID type: IPV4_ADDR Local ID: 192.168.222.5 Remote IP: 192.168.222.71 Remote ID type: IPV4_ADDR Remote ID: 192.168.222.71 Authentication-method: PRE-SHARED-KEY Authentication-algorithm: MD5 Encryption-algorithm: 3DES-CBC Life duration(sec): 86400 Remaining key duration(sec): 85847 237