<div dir="ltr">The first thing to check is 200.10.1.X is allowing UDP/4500 inbound. That being said, you should really rethink your ciphers, 3DES/SHA1 shouldn't be a thing anymore.<div><br></div><div>Chris.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Mar 14, 2019 at 4:57 PM MOSES KARIUKI <<a href="mailto:kariukims@gmail.com">kariukims@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Dear Team,</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">I have not been able to connect from a Fortigate firewall client to my Sttrongswan Host. These are the parameters set up on the Fortigate :</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><table border="0" cellpadding="0" cellspacing="0" width="279" style="border-collapse:collapse;width:209pt">
<colgroup><col width="172" style="width:129pt">
<col width="107" style="width:80pt">
</colgroup><tbody><tr height="21" style="height:15.75pt">
<td height="21" class="gmail-m_4544523936014396528gmail-xl67" width="172" style="height:15.75pt;width:129pt;font-size:10pt;font-weight:700;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:1pt solid windowtext;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">Authentication
Method</td>
<td class="gmail-m_4544523936014396528gmail-xl66" width="107" style="width:80pt;font-size:10pt;text-align:center;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:none;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">Pre-Shared Secret</td>
</tr>
<tr height="21" style="height:15.75pt">
<td height="21" class="gmail-m_4544523936014396528gmail-xl67" width="172" style="height:15.75pt;width:129pt;font-size:10pt;font-weight:700;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:1pt solid windowtext;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">Encryption
Schema</td>
<td class="gmail-m_4544523936014396528gmail-xl66" width="107" style="width:80pt;font-size:10pt;text-align:center;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:none;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">IKE</td>
</tr>
<tr height="21" style="height:15.75pt">
<td height="21" class="gmail-m_4544523936014396528gmail-xl67" width="172" style="height:15.75pt;width:129pt;font-size:10pt;font-weight:700;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:1pt solid windowtext;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">Perfect
Forward Secrecy- IKE</td>
<td class="gmail-m_4544523936014396528gmail-xl66" width="107" style="width:80pt;font-size:10pt;text-align:center;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:none;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">DH Group-5</td>
</tr>
<tr height="21" style="height:15.75pt">
<td height="21" class="gmail-m_4544523936014396528gmail-xl67" width="172" style="height:15.75pt;width:129pt;font-size:10pt;font-weight:700;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:1pt solid windowtext;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">Encryption
Algorithm</td>
<td class="gmail-m_4544523936014396528gmail-xl66" width="107" style="width:80pt;font-size:10pt;text-align:center;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:none;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">3DES</td>
</tr>
<tr height="21" style="height:15.75pt">
<td height="21" class="gmail-m_4544523936014396528gmail-xl67" width="172" style="height:15.75pt;width:129pt;font-size:10pt;font-weight:700;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:1pt solid windowtext;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">Hashing
Algorithm</td>
<td class="gmail-m_4544523936014396528gmail-xl66" width="107" style="width:80pt;font-size:10pt;text-align:center;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:none;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">SHA1</td>
</tr>
<tr height="21" style="height:15.75pt">
<td height="21" class="gmail-m_4544523936014396528gmail-xl67" width="172" style="height:15.75pt;width:129pt;font-size:10pt;font-weight:700;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:1pt solid windowtext;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">Renegotiate
IKE SA every</td>
<td class="gmail-m_4544523936014396528gmail-xl66" width="107" style="width:80pt;font-size:10pt;text-align:center;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:none;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">28800</td>
</tr>
<tr height="39" style="height:29.25pt">
<td height="39" class="gmail-m_4544523936014396528gmail-xl67" width="172" style="height:29.25pt;width:129pt;font-size:10pt;font-weight:700;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:1pt solid windowtext;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">Main or
Aggressive Mode<font class="gmail-m_4544523936014396528gmail-font5" style="font-size:10pt;font-family:"Times New Roman",serif"> </font></td>
<td class="gmail-m_4544523936014396528gmail-xl66" width="107" style="width:80pt;font-size:10pt;text-align:center;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:none;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">Main</td>
</tr>
<tr height="21" style="height:15.75pt">
<td height="21" class="gmail-m_4544523936014396528gmail-xl67" width="172" style="height:15.75pt;width:129pt;font-size:10pt;font-weight:700;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:1pt solid windowtext;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">IPSec</td>
<td class="gmail-m_4544523936014396528gmail-xl66" width="107" style="width:80pt;font-size:10pt;text-align:center;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:none;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">ESP</td>
</tr>
<tr height="35" style="height:26.25pt">
<td height="35" class="gmail-m_4544523936014396528gmail-xl67" width="172" style="height:26.25pt;width:129pt;font-size:10pt;font-weight:700;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:1pt solid windowtext;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">Perfect
Forward Secrecy-IPSEC </td>
<td class="gmail-m_4544523936014396528gmail-xl66" width="107" style="width:80pt;font-size:10pt;text-align:center;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:none;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">DH Group-2</td>
</tr>
<tr height="21" style="height:15.75pt">
<td height="21" class="gmail-m_4544523936014396528gmail-xl67" width="172" style="height:15.75pt;width:129pt;font-size:10pt;font-weight:700;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:1pt solid windowtext;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">Encryption
Algorithm IPSec</td>
<td class="gmail-m_4544523936014396528gmail-xl66" width="107" style="width:80pt;font-size:10pt;text-align:center;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:none;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">3DES</td>
</tr>
<tr height="21" style="height:15.75pt">
<td height="21" class="gmail-m_4544523936014396528gmail-xl67" width="172" style="height:15.75pt;width:129pt;font-size:10pt;font-weight:700;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:1pt solid windowtext;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">Hashing
Algorithm IPSec</td>
<td class="gmail-m_4544523936014396528gmail-xl66" width="107" style="width:80pt;font-size:10pt;text-align:center;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:none;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">SHA1</td>
</tr>
<tr height="21" style="height:15.75pt">
<td height="21" class="gmail-m_4544523936014396528gmail-xl67" width="172" style="height:15.75pt;width:129pt;font-size:10pt;font-weight:700;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:1pt solid windowtext;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">Renegotiate
IPSec SA every</td>
<td class="gmail-m_4544523936014396528gmail-xl66" width="107" style="width:80pt;font-size:10pt;text-align:center;vertical-align:middle;border-top:none;border-right:1pt solid rgb(191,191,191);border-bottom:1pt solid rgb(191,191,191);border-left:none;background:rgb(255,242,204);padding-top:1px;padding-right:1px;padding-left:1px;color:black;font-family:Calibri,sans-serif">1800</td>
</tr>
</tbody></table><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">and below is my Strongswan config. </div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default"><div class="gmail_default" style="font-family:tahoma,sans-serif">conn ikev2-Teledida</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> auto=start</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> compress=no</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> type=tunnel</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> keyexchange=ikev2</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> fragmentation=yes</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> forceencaps=yes</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> dpdaction=clear</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> dpddelay=300s</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> rekey=no</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> left=%any</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> leftid=35.185.2**.***</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> leftsubnet=<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></div><div class="gmail_default" style="font-family:tahoma,sans-serif"> right=200.10.1**.***</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> rightid=%any</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> rightauth=psk</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> rightsourceip=<a href="http://10.11.10.0/9" target="_blank">10.11.10.0/9</a></div><div class="gmail_default" style="font-family:tahoma,sans-serif"> rightdns=8.8.8.8,8.8.4.4</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> ike=aes256-sha1-modp1024,aes128-sha1-modp1024,aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048,3des-sha1-modp1536,3des-sha1-modp1024</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> esp=aes256-sha256,aes256-sha1,aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048,3des-sha1-modp1024,3des-sha1-modp1536</div><div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif">When I try to connect, it fails with the below error:</div><div><div><font face="tahoma, sans-serif"><span style="white-space:pre-wrap"> </span>LOG :</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] received stroke: add connection 'ikev2-Teledida'</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] conn ikev2-Teledida</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] left=%any</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] leftsubnet=<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] leftid=35.185.2**.***</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] right=200.10.1**.***</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] rightsourceip=<a href="http://10.11.10.0/9" target="_blank">10.11.10.0/9</a></font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] rightdns=8.8.8.8,8.8.4.4</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] rightauth=psk</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] rightid=%any</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] ike=aes256-sha1-modp1024,aes128-sha1-modp1024,aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048,3des-sha1-modp1536,3des-sha1-modp1024</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] esp=aes256-sha256,aes256-sha1,aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048,3des-sha1-modp1024,3des-sha1-modp1536</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] dpddelay=300</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] dpdtimeout=150</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] dpdaction=1</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] sha256_96=no</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] mediation=no</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] keyexchange=ikev2</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] adding virtual IP address pool <a href="http://10.11.10.0/9" target="_blank">10.11.10.0/9</a></font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 07[CFG] added configuration 'ikev2-Teledida'</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 09[CFG] received stroke: initiate 'ikev2-Teledida'</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 09[IKE] initiating IKE_SA ikev2-Teledida[1] to 200.10.1**.***</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/NTRU_128/NTRU_192/NTRU_256/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/NTRU_128/NTRU_192/NTRU_256/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 11[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 11[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 11[NET] sending packet: from 10.138.0.4[500] to 200.10.1**.***[500] (1588 bytes)</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[NET] received packet: from 200.10.1**.***[500] to 10.138.0.4[500] (348 bytes)</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] selecting proposal:</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] selecting proposal:</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] selecting proposal:</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] selecting proposal:</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] selecting proposal:</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] selecting proposal:</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] selecting proposal:</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] proposal matches</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/NTRU_128/NTRU_192/NTRU_256/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/NTRU_128/NTRU_192/NTRU_256/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[IKE] local host is behind NAT, sending keep alives</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[IKE] sending cert request for "CN=VPN root CA"</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[IKE] authentication of '35.185.2**.***' (myself) with RSA signature successful</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] proposing traffic selectors for us:</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] proposing traffic selectors for other:</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] dynamic</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[IKE] establishing CHILD_SA ikev2-Teledida{1}</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[ENC] generating IKE_AUTH request 1 [ IDi CERTREQ AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:12 klick001 charon: 12[NET] sending packet: from 10.138.0.4[4500] to 200.10.1**.***[4500] (988 bytes)</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:16 klick001 charon: 15[IKE] retransmit 1 of request with message ID 1</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:16 klick001 charon: 15[NET] sending packet: from 10.138.0.4[4500] to 200.10.1**.***[4500] (988 bytes)</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:23 klick001 charon: 16[IKE] retransmit 2 of request with message ID 1</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:23 klick001 charon: 16[NET] sending packet: from 10.138.0.4[4500] to 200.10.1**.***[4500] (988 bytes)</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:36 klick001 charon: 06[IKE] retransmit 3 of request with message ID 1</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:36 klick001 charon: 06[NET] sending packet: from 10.138.0.4[4500] to 200.10.1**.***[4500] (988 bytes)</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:56 klick001 charon: 10[IKE] sending keep alive to 200.10.1**.***[4500]</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:59 klick001 charon: 09[IKE] retransmit 4 of request with message ID 1</font></div><div><font face="tahoma, sans-serif">Mar 15 00:36:59 klick001 charon: 09[NET] sending packet: from 10.138.0.4[4500] to 200.10.1**.***[4500] (988 bytes)</font></div><div><font face="tahoma, sans-serif">Mar 15 00:37:20 klick001 charon: 12[IKE] sending keep alive to 200.10.1**.***[4500]</font></div><div><font face="tahoma, sans-serif">Mar 15 00:37:40 klick001 charon: 13[IKE] sending keep alive to 200.10.1**.***[4500]</font></div><div><font face="tahoma, sans-serif">Mar 15 00:37:41 klick001 charon: 14[IKE] retransmit 5 of request with message ID 1</font></div><div><font face="tahoma, sans-serif">Mar 15 00:37:41 klick001 charon: 14[NET] sending packet: from 10.138.0.4[4500] to 200.10.1**.***[4500] (988 bytes)</font></div></div><div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif">Please assist as we are about to go live soon.</div><div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif">Thanks in advance.</div><div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif">Moses K</div></div></div></div></div>
</blockquote></div>