We are trying to connect an IPSec VPN to our customer but having a hard time to get it to work.
The VPN-settings that we received from client:
- IKE Version: 1
- Authentication: PSK
- IKE Hash: SHA1
- IKE Encryption: AES 256 CBC
- IKE DH Group: 5
- Remote IP: <hidden>
- PSK: <hidden>
Now, if I create an IPSec VPN with this in Google cloud then I get this error:
Status: Proposal mismatch in IKE SA (phase 1). Found inconsistency
between proposals, Consider updating the following parameters:
DIFFIE_HELLMAN_GROUP,ENCRYPTION_ALGORITHM
In the logs I'm seeing this:
initiating Main Mode IKE_SA vpn_<_hidden_>[453] to <_hidden_>
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from <_hidden_>[500] to <_hidden_>[500] (156 bytes)
received packet: from <_hidden_>[500] to <_hidden_>[500] (40 bytes)
parsed INFORMATIONAL_V1 request 0 [ N(NO_PROP) ] received NO_PROPOSAL_CHOSEN
error notify The peer gateway notifies: Proposal mismatch in IKE SA
(phase 1) , Please look at peer logs.
Any hints?
Best Answer
Already found answer on https://cloud.google.com/vpn/docs/how-to/creating-vpns#set_up_the_peer_vpn_gateway :
Additional parameters for IKEv1 only: