メインコンテンツへスキップ

提案が選択されていない場合にIPsec接続の試行が失敗する

Views:
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

適用対象

  • ONTAP 9
  • IPSec
  • リブレスワン
  • strongSWAN

問題

  • 新しいIPsec接続の開始が失敗し、「No Proposals Chosen」というエラーが表示される
  • Libreswan Pluto のログには次のように表示されます:
    • netapp.transport" #1: initiating v2 parent SA
      Jul  2 10:50:06 d00000-a-20526 pluto[26683]: "netapp.transport" #1: local IKE proposals for netapp.transport (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_384;INTEG=NONE;DH=ECP_384
      Jul  2 10:50:06 d00000-a-20526 pluto[26683]: "netapp.transport" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
      Jul  2 10:50:06 d00000-a-20526 pluto[26683]: "netapp.transport" #1: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN
  • パケットトレースには、
    • Frame 2: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) Internet Protocol Version 4, Src: 10.7.44.xx, Dst: 10.7.26.xx User Datagram Protocol, Src Port: 500, Dst Port: 500 Internet Security Association and Key Management Protocol
      Initiator SPI: b21063e9777cedc9
         Exchange type: IKE_SA_INIT (34)
         Payload: Notify (41) - NO_PROPOSAL_CHOSEN
           Notify Message Type: NO_PROPOSAL_CHOSEN (14) ~~~
  • ONTAP Charon ログには次のように表示されます。
    • Jul  3 09:19:27.456 11[CFG] received proposals: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384
      Jul  3 09:19:27.457 11[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384
 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.

 

  • この記事は役に立ちましたか?