Received N(TS_UNACCEPTABLE) message
Setup is a central M370 cluster, now running 12.6.2 U3 and multiple T15 running 12.5.3 12.5.5 U1. Between each device is a bovpn vif tunnel using GRE.
For some time I have had this problem where a tunnel will not establish (for example, if a T15 is power cycled) between the cluster and the end remote device. Yesterday I saw the issue again. It has not happened enough times for me to look further into this, or I have been too busy with other issues.
What was being logged on the T15 device was:
iked: msg_id="021A-0016" (T15<->M370)IKEv2 IKE_AUTH exchange from T15:500 to M370:500 failed. Tunnel='NetGroup'. Reason=Received N(TS_UNACCEPTABLE) message.
If I rekey the tunnel from the T15 device, the tunnel will not establish, only the second I rekey from the M370 cluster. This is consistent.
Today I searched through Dimension for the logs, but could not find anything related to this issue (it seems it's not getting logged), so the only log I could find was the above, from a support log file I got from the T15 device with FSM. So I have no logs from the cluster side, but I believe it was the same iked message.
This has happened through several Fireware versions, and it only happens with tunnels configured as BOVPN VIF. Before I moved all these tunnels to VIF interfaces, I never saw this issue. The same T15 devices also have a VPN tunnel to a second M370 cluster, but those tunnels are all configured without VIF and they never have this issue.
Any clue why Fireware will report mismatching proxy IDs and why only a rekey from the cluster side will fix it and establish the tunnel?