cisco ikev2 error address type not supported

A Notify Payload may appear in a response message (usually specifying why a request was rejected), in an INFORMATIONAL Exchange (to report an error not in an IKE request), or in any other message to indicate sender capabilities or to modify the meaning of the request.If this CREATE_CHILD_SA exchange is rekeying an existing SA other than the IKE_SA, the leading N payload of type REKEY_SA MUST identify the SA being rekeyed. No action taken. Nonce Ni(optional): If the CHILD_SA is created as part of the initial exchange, a second KE payload and nonce must not be sent. E.g. Same in every possible way. Responder verifies and processes the IKE_INIT message: (1) Chooses crypto suite from those offered by the initiator, (2) computes its own DH secret key, and (3) it computes a skeyid value, from which all keys can be derived for this IKE_SA. Local Address = 0.0.0.0. It seems like it's not passing domain information. Looks like its working after I added the ACL to the outside interface. Router 1 receives the IKE_SA_INIT response packet from Router 2. The link you shared is for a vEdge setup, the one I've found is for cEdge 16.12.x. Thanks. Components Used The information in this document is based on these software and hardware versions: Internet Key Exchange Version 2 (IKEv2) Cisco IOS 15.1 (1)T or later Tunnel is up on the Responder. In my case even after adding the ACL entry there was another step which was needed to fix this tunnel. - edited If it guesses wrong, the CREATE_CHILD_SA exchange fails, and it must retry with a different KEi. Learn more about how Cisco is using Inclusive Language. 1 Accepted Solution. It's in roadmap. Hi, can you please post the config that solved your problem. Are you seeing encrypts and decrypts over your IPSEC tunnel? Router 1 verifies and processes the authentication data in this packet. The sample requires that ASA devices use the IKEv2 policy with access-list-based configurations, not VTI-based. 05:29 AM. tanyatamir53355. You can also check the output of theshow crypto sessioncommand on both routers; this output shows the tunnel session status as UP-ACTIVE. I think i have the problem with the Source Interface (i receive"IKEv2-ERROR:Address type not supported" in log). Consult your VPN device vendor specifications to verify that . Create an ACL in Policies > Local Policy > Access Control ListsPermit port 500I also have the Default Action as Accept in my POC.Copy the ACL name (CTRL C) youll need it for the next step. Hence, you would see 'PFS (Y/N): N, DH group: none' until the first rekey. You wrote "had to change source interface to Service VPN". Responder initiates SA creation for that peer. Options. As far as I'm aware that feature is not supported on cEdge platforms, you can only use IPsec tunnels on the Service Side VPN. We may get it in march release if everything will be on track. Bug Details Include These parameters are identical to the one that was received from ASA1. The DH Group configured under the crypto map would be used only during rekey. The CHILD_SA packet typically contains: Router 2 now builds the reply for the CHILD_SA exchange. For more information on the differences and an explanation of the packet exchange, refer toIKEv2 Packet Exchange and Protocol Level Debugging. The IKE_AUTH packet contains: ISAKMP Header(SPI/ version/flags), IDi(initiator's identity), AUTH payload, SAi2(initiates the SA-similar to the phase 2 transform set exchange in IKEv1), and TSi and TSr (Initiator and Responder Traffic selectors): They contain the source and destination address of the initiator and responder respectively for forwarding/receiving encrypted traffic. IKEv2 is the supporting protocol for IP Security Protocol (IPsec) and is used for performing mutual authentication and establishing and maintaining security associations (SAs). New here? I notice the guide was written for the vEdge. 08-08-2018 Do you had to apply some NAT config? 4 Sep 18 2018 17:40:58 750003 Local:80.x.y.z:500 Remote:51.a.b.c:500 Username:51.a.b.c IKEv2 Negotiation aborted due to ERROR: Detected unsupported . Configure Phase 1 Settings For IKEv1. When i run debug on Cisco ASA i found following, also when tunnel is up i am seeing following messaged in debugging, not sure what is going on. ", https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/Security/Security-Book/security-book_chapter_01.html?bookSearch=true#c_Configuring_IKE_Enabled_IPsec_Tunnels_12216.xml. Customers Also Viewed These Support Documents, https://www.cisco.com/c/en/us/support/docs/security/flexvpn/115907-config-flexvpn-wcca-00.html. The difference between IKEv1 and IKEv2 is that, in the latter, the Child SAs are created as part of AUTH exchange itself. The address range specifies that all traffic to and from that range are tunnelled. These debug commands are used in this document: *Nov 11 20:28:34.003: IKEv2:Got a packet from dispatcher *Nov 11 20:28:34.003: IKEv2: Processing an item off the pak queue *Nov 11 19:30:34.811: IKEv2:% Getting preshared key by address 10.0.0.2 *Nov 11 19:30:34.811: IKEv2:Adding Proposal PHASE1-prop to toolkit policyle *Nov 11 19:30:34.811: IKEv2:(1): Choosing IKE profile IKEV2-SETUP *Nov 11 19:30:34.811: IKEv2:New ikev2 sa request admitted *Nov 11 19:30:34.811: IKEv2:Incrementing outgoing negotiating sa count by one. In this document . Initiator starts IKE_AUTH exchange and generates the authentication payload. Initiator building IKE_INIT_SA packet. You cannot configure IKEv2 through the user interface. Edit your Feature Template for the VPN Interface Ethernet that is applied to your physical interface in VPN0.Under ACL/QOS add a IPv4 Ingress Access List using the name of the ACL you created in the first step. I have a working IPSEC project in GNS3 that uses csr1000 and 7200 routers, VTI interfaces, and IKEv1. With IKEv1, you see a different behavior, because Child SA creation happens during Quick Mode, and the CREATE_CHILD_SA message has a provision to carry the Key Exchange payload that specifies the DH parameters to derive a new shared secret. currently using 4.8, seems to have solved all issues. 189035: *Aug 8 14:01:22.161 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation), AES-CBC SHA256 SHA256 DH_GROUP_2048_MODP/Group 14, 189036: *Aug 8 14:01:22.161 Chicago: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s), 189037: *Aug 8 14:01:22.161 Chicago: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'TP-self-signed-653483565', 189038: *Aug 8 14:01:22.161 Chicago: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Get Public Key Hashes of trustpoints, 189039: *Aug 8 14:01:22.161 Chicago: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of Public Key Hashes of trustpoints FAILED, 189040: *Aug 8 14:01:22.161 Chicago: IKEv2:Failed to retrieve Certificate Issuer list, 189041: *Aug 8 14:01:22.161 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Sending Packet [To 2.2.2.2:500/From 1.1.1.1:500/VRF i0:f0], Initiator SPI : 8A15E970577C6140 - Responder SPI : 0550071FA9DFE718 Message id: 0, SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP), 189042: *Aug 8 14:01:22.161 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Completed SA init exchange, 189043: *Aug 8 14:01:22.161 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Starting timer (30 sec) to wait for auth message, 189044: *Aug 8 14:01:22.429 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Received Packet [From 2.2.2.2:4500/To 1.1.1.1:500/VRF i0:f0], Initiator SPI : 8A15E970577C6140 - Responder SPI : 0550071FA9DFE718 Message id: 1, IDi NOTIFY(INITIAL_CONTACT) NOTIFY(Unknown - 16396) IDr AUTH CFG NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) SA TSi TSr, 189045: *Aug 8 14:01:22.429 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Stopping timer to wait for auth message, 189046: *Aug 8 14:01:22.429 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Checking NAT discovery, 189047: *Aug 8 14:01:22.429 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):NAT OUTSIDE found, 189048: *Aug 8 14:01:22.429 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):NAT detected float to init port 4500, resp port 4500, 189049: *Aug 8 14:01:22.433 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Searching policy based on peer's identity '10.5.1.70' of type 'IPv4 address', 189050: *Aug 8 14:01:22.433 Chicago: IKEv2:found matching IKEv2 profile 'FlexVPN', 189051: *Aug 8 14:01:22.433 Chicago: IKEv2:% Getting preshared key from profile keyring keys, 189052: *Aug 8 14:01:22.433 Chicago: IKEv2:% Matched peer block 'DYNAMIC', 189053: *Aug 8 14:01:22.433 Chicago: IKEv2:Searching Policy with fvrf 0, local address 1.1.1.1, 189054: *Aug 8 14:01:22.433 Chicago: IKEv2:Found Policy 'ikev2policy', 189055: *Aug 8 14:01:22.433 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Verify peer's policy, 189056: *Aug 8 14:01:22.433 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Peer's policy verified, 189057: *Aug 8 14:01:22.433 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Get peer's authentication method, 189058: *Aug 8 14:01:22.433 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Peer's authentication method is 'PSK', 189059: *Aug 8 14:01:22.433 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Get peer's preshared key for 10.5.1.70, 189060: *Aug 8 14:01:22.433 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Verify peer's authentication data, 189061: *Aug 8 14:01:22.433 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Use preshared key for id 10.5.1.70, key len 7, 189062: *Aug 8 14:01:22.433 Chicago: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data, 189063: *Aug 8 14:01:22.433 Chicago: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED, 189064: *Aug 8 14:01:22.433 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Verification of peer's authenctication data PASSED, 189065: *Aug 8 14:01:22.433 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Processing INITIAL_CONTACT, 189066: *Aug 8 14:01:22.433 Chicago: IKEv2:(SESSION ID = 8673,SA ID = 1):Received valid config mode data. Which Interface did you use? The packet exchange in IKEv2 is radically different from packet exchange in IKEv1. Select the " Show Advanced Settings " option on the top left and make sure the enable box is checked. All rights reserved. 01:52 PM This is not a bug, even though the behavior is described in Cisco bug IDCSCug67056. A Notify Payload might appear in a response message (usually specifying why a request was rejected), in an informational exchange (to report an error not in an IKE request), or in any other message to indicate sender capabilities or to modify the meaning of the request. They contain the source and destination address of the initiator and responder respectively for forwarding/receiving encrypted traffic. It might be initiated by either end of the IKE_SA after the initial exchanges are completed. The VPN is not connecting at all. All traffic must be accepted and specific routing is needed to direct traffic into specific tunnels. Router 2 builds the response to IKE_AUTH packet that it received from Router 1. Tunnel is up on the Initiator and the status shows. The documentation set for this product strives to use bias-free language. IKEv2 Payload Types Transform Type Values IKEv2 Transform Attribute Types Transform Type 1 - Encryption Algorithm Transform IDs Transform Type 2 - Pseudorandom Function Transform IDs Transform Type 3 - Integrity Algorithm Transform IDs Transform Type 4 - Key Exchange Method Transform IDs Transform Type 5 - Extended Sequence Numbers Transform IDs The sample configuration connects a Cisco ASA device to an Azure route-based VPN gateway. *Nov 11 19:31:35.873: IKEv2:Got a packet from dispatcher *Nov 11 19:31:35.873: IKEv2:Processing an item off the pak queue *Nov 11 19:31:35.873: IKEv2:(SA ID = 2):Request has mess_id 3; expected 3 through 7 *Nov 11 19:31:35.873: IKEv2:(SA ID = 2):Next payload: ENCR, version: 2.0Exchange type: CREATE_CHILD_SA, flags:INITIATORMessage id: 3, length: 396 Payload contents: SANext payload: N, reserved: 0x0, length: 152 last proposal: 0x0, reserved: 0x0, length: 148 Proposal: 1, Protocol id: IKE, SPI size: 8, #trans: 15 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 NNext payload: KE, reserved: 0x0, length: 24 KE Next payload: NOTIFY, reserved: 0x0, length: 136 DH group: 2, Reserved: 0x0 *Nov 11 19:31:35.874: IKEv2:Parse Notify Payload: SET_WINDOW_SIZENOTIFY(SET_WINDOW_SIZE) Next payload: NONE, reserved: 0x0, length: 12 Security protocol id: IKE, spi size: 0, type: SET_WINDOW_SIZE *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: READY Event:EV_RECV_CREATE_CHILD *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):Action: Action_Null *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_INIT Event: EV_RECV_CREATE_CHILD *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):Action: Action_Null *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_INIT Event: EV_VERIFY_MSG *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_INIT Event: EV_CHK_CC_TYPE *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_IKE Event:EV_REKEY_IKESA *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_IKE Event: EV_GET_IKE_POLICY *Nov 11 19:31:35.874: IKEv2:%Getting preshared key by address 10.0.0.2 *Nov 11 19:31:35.874: IKEv2:% Getting preshared key by address 10.0.0.2 *Nov 11 19:31:35.874: IKEv2:Adding Proposal PHASE1-prop to toolkit policy *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):Using IKEv2 profile 'IKEV2-SETUP' *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_IKE Event: EV_PROC_MSG *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_IKE Event: EV_SET_POLICY *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):Setting configured policies *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_BLD_MSG Event: EV_GEN_DH_KEY *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_BLD_MSG Event: EV_NO_EVENT *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_BLD_MSG Event: EV_OK_RECD_DH_PUBKEY_RESP *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):Action: Action_Null *Nov 11 19:31:35.874: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_BLD_MSG Event:EV_GEN_DH_SECRET *Nov 11 19:31:35.881: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_BLD_MSG Event: EV_NO_EVENT *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_BLD_MSG Event: EV_OK_RECD_DH_SECRET_RESP *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):Action: Action_Null *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_BLD_MSG Event: EV_BLD_MSG *Nov 11 19:31:35.882:IKEv2:ConstructNotify Payload: SET_WINDOW_SIZE Payload contents: SANext payload: N, reserved: 0x0, length: 56 last proposal: 0x0, reserved: 0x0, length: 52 Proposal: 1, Protocol id: IKE, SPI size: 8, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 NNext payload: KE, reserved: 0x0, length: 24 KE Next payload: NOTIFY, reserved: 0x0, length: 136 DH group: 2, Reserved: 0x0 NOTIFY(SET_WINDOW_SIZE) Next payload: NONE, reserved: 0x0, length: 12 Security protocol id: IKE, spi size: 0, type: SET_WINDOW_SIZE, *Nov 11 19:31:35.869: IKEv2:(SA ID = 2):Next payload: ENCR, version: 2.0 Exchange type:CREATE_CHILD_SA, flags:INITIATORMessage id: 2, length: 460 Payload contents: ENCR Next payload: SA, reserved: 0x0, length: 432, *Nov 11 19:31:35.873: IKEv2:Construct Notify Payload: SET_WINDOW_SIZE Payload contents: SANext payload: N, reserved: 0x0, length: 152 last proposal: 0x0, reserved: 0x0, length: 148 Proposal: 1, Protocol id: IKE, SPI size: 8, #trans: 15 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 NNext payload: KE, reserved: 0x0, length: 24 KENext payload: NOTIFY, reserved: 0x0, length: 136 DH group: 2, Reserved: 0x0 NOTIFY(SET_WINDOW_SIZE) Next payload: NONE, reserved: 0x0, length: 12 Security protocol id: IKE, spi size: 0, type: SET_WINDOW_SIZE, *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):Next payload: ENCR, version: 2.0 Exchange type:CREATE_CHILD_SA,flags:RESPONDER MSG-RESPONSEMessage id: 3, length: 300 Payload contents: SANext payload: N, reserved: 0x0, length: 56 last proposal: 0x0, reserved: 0x0, length: 52 Proposal: 1, Protocol id: IKE, SPI size: 8, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 NNext payload: KE, reserved: 0x0, length: 24 KENext payload: NOTIFY, reserved: 0x0, length: 136 DH group: 2, Reserved: 0x0 *Nov 11 19:31:35.882: IKEv2:Parse Notify Payload: SET_WINDOW_SIZENOTIFY(SET_WINDOW_SIZE) Next payload: NONE, reserved: 0x0, length: 12 Security protocol id: IKE, spi size: 0, type: SET_WINDOW_SIZE *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState:CHILD_I_WAITEvent:EV_RECV_CREATE_CHILD *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):Action: Action_Null *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState:CHILD_I_PROCEvent: EV_CHK4_NOTIFY *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState: CHILD_I_PROC Event:EV_VERIFY_MSG *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState: CHILD_I_PROC Event: EV_PROC_MSG *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState: CHILD_I_PROC Event: EV_CHK4_PFS *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState: CHILD_I_PROC Event: EV_GEN_DH_SECRET *Nov 11 19:31:35.890: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState: CHILD_I_PROC Event: EV_NO_EVENT *Nov 11 19:31:35.890: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState: CHILD_I_PROC Event: EV_OK_RECD_DH_SECRET_RESP *Nov 11 19:31:35.890: IKEv2:(SA ID = 2):Action: Action_Null *Nov 11 19:31:35.890: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState: CHILD_I_PROC Event: EV_CHK_IKE_REKEY *Nov 11 19:31:35.890: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState: CHILD_I_PROC Event: EV_GEN_SKEYID *Nov 11 19:31:35.890: IKEv2:(SA ID = 2):Generate skeyid *Nov 11 19:31:35.890: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState:CHILD_I_DONEEvent:EV_ACTIVATE_NEW_SA *Nov 11 19:31:35.890: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState: CHILD_I_DONE Event: EV_UPDATE_CAC_STATS *Nov 11 19:31:35.890: IKEv2:New ikev2 sa request activated *Nov 11 19:31:35.890: IKEv2:Failed to decrement count for outgoing negotiating *Nov 11 19:31:35.890: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState: CHILD_I_DONE Event: EV_CHECK_DUPE *Nov 11 19:31:35.890: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState: CHILD_I_DONE Event: EV_OK *Nov 11 19:31:35.890: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003 CurState: EXIT Event: EV_CHK_PENDING *Nov 11 19:31:35.890: IKEv2:(SA ID = 2):Processed response with message id 3, Requests can be sent from range 4 to 8 *Nov 11 19:31:35.890: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (I) MsgID = 00000003CurState: EXITEvent: EV_NO_EVENT, *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):Next payload: ENCR, version: 2.0 Exchange type:CREATE_CHILD_SA, flags:RESPONDER MSG-RESPONSEMessage id: 3, length: 300 Payload contents: ENCR Next payload: SA, reserved: 0x0, length: 272 *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_BLD_MSG Event:EV_CHK_IKE_REKEY *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_BLD_MSG Event: EV_GEN_SKEYID *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):Generate skeyid *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_DONE Event:EV_ACTIVATE_NEW_SA *Nov 11 19:31:35.882: IKEv2:Store mib index ikev2 3, platform 62 *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_DONE Event: EV_UPDATE_CAC_STATS *Nov 11 19:31:35.882: IKEv2:New ikev2 sa request activated *Nov 11 19:31:35.882: IKEv2:Failed to decrement count for incoming negotiating *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState:CHILD_R_DONEEvent: EV_CHECK_DUPE *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_DONE Event: EV_OK *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: CHILD_R_DONE Event: EV_START_DEL_NEG_TMR *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):Action: Action_Null *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003 CurState: EXIT Event: EV_CHK_PENDING *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):Sent response with message id 3, Requests can be accepted from range 4 to 8 *Nov 11 19:31:35.882: IKEv2:(SA ID = 2):SM Trace-> SA: I_SPI=0C33DB40DBAAADE6 R_SPI=F14E2BBA78024DE3 (R) MsgID = 00000003CurState: EXITEvent: EV_NO_EVENT.

cisco ikev2 error address type not supported 2023