We have firewall 5505 where I have created site to site VPN. First time I have created crypto policy with group 2 and then changed to below.
Phase 1 failure: Mismatched attribute types for class Group Description: Rcv’d: Group 5 Cfg’d: Group 2Group
192.168.1.1, IP = 192.168.1.1, Received non-routine Notify message: No proposal chosen (14)
Phase 1 (Main mode)
Lifetime: 86400s (1 day)
Encryption: AES256
Hash: SHA1 Key-Ex:
Group5
Phase 2
Lifetime: 3600s (1 hour)
Encryption: AES256
Hash: SHA1
PFS: Group5
Below is my firewall config.
crypto ikev1 policy 170
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
I can ping to remote end peer as well from firewall and from host. It seems like cypto first checks for group2 and then it goes to group 5. I can ping to 192.168.1.1 successfully from firewall and server. What is this error message and how can I get it off?
Thank you Shraddha