Re: ike SA unusable and ike No proposal chosen

Thank you for your replies.

No firewalls / filters / policies are blocking traffic, at least I am not aware of them.

On 217.12.253.226 I noticed that it has several security-associations:

show security ike security-associations    
Index   State  Initiator cookie  Responder cookie  Mode           Remote Address   
5473375 UP     116e2c801097c9d0  ab39919cba3b8b39  Main           62.176.7.74     
5473411 DOWN   c61f140f39008527  551b417b7766f3ad  Any            83.234.107.110  
5473409 DOWN   931d0ca5af9a1478  0000000000000000  Main           83.243.107.110  
5473410 DOWN   5103a7a2754f004d  144c6eb87b57c9f3  Any            83.234.107.110  
5473412 DOWN   552225eca47bb34f  1ff408c58bce2530  Any            83.234.107.110 

and debug log:

[Jan 30 17:52:10]KMD_INTERNAL_ERROR: iked_ifstate_eoc_handler: EOC msg received
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_get_sa: Start, SA = { 02b87da5 947fb96c - 00000000 00000000 } / 00000000, remote = 83.234.107.110:500
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_get_sa: We are responder and this is initiators first packet
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_sa_allocate: Start, SA = { 02b87da5 947fb96c - 646c9eea c88d5bdc }
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_udp_callback_common: New SA
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_init_isakmp_sa: Start, remote = 83.234.107.110:500, initiator = 0
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  217.12.253.226:500 (Responder) <-> 83.234.107.110:500 { 02b87da5 947fb96c - 646c9eea c88d5bdc [-1] / 0x00000000 } IP; New SA
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ikev2_fallback_negotiation_alloc: Allocated fallback negotiation dfe000
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  P1 SA 5473376 start timer. timer duration 30, reason 1.
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ssh_isakmp_update_responder_cookie: Updating responder IKE cookie
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ssh_isakmp_update_responder_cookie: Original IKE cookie
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  00000000: 646c 9eea c88d 5bdc                      dl....[.
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ssh_isakmp_update_responder_cookie: New IKE cookie
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  00000000: 6006 a421 7fbc 2f9c                      `..!../.
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=217.12.253.226:500, remote=83.234.107.110:500 (neg dfe000)
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ikev2_fallback_negotiation_free: Fallback negotiation dfe000 has still 1 references
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_decode_packet: Start
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_decode_packet: Start, SA = { 02b87da5 947fb96c - 6006a421 7fbc2f9c} / 00000000, nego = -1
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_decode_payload_sa: Start
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_decode_payload_sa: Found 1 proposals
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_decode_payload_t: Start, # trans = 2
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  217.12.253.226:500 (Responder) <-> 83.234.107.110:500 { 02b87da5 947fb96c - 6006a421 7fbc2f9c [-1] / 0x00000000 } IP; Version = 1.0, Input packet fields = 0401 SA VID 
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ...
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_vid: VID[0..16] = 27bab5dc 01ea0760 ...
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_vid: VID[0..16] = 6105c422 e76847e4 ...
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_vid: VID[0..16] = 4485152d 18b6bbcd ...
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_vid: VID[0..16] = cd604643 35df21f8 ...
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_vid: VID[0..16] = 90cb8091 3ebb696e ...
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_vid: VID[0..16] = 7d9419a6 5310ca6f ...
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_vid: VID[0..16] = 4a131c81 07035845 ...
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_vid: VID[0..28] = 69936922 8741c6d4 ...
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_sa_proposal: Start
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_process_packet: No output packet, returning
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  Parsing notification payload for local:217.12.253.226, remote:83.234.107.110 IKEv1 
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  iked_pm_phase1_sa_cfg_lookup_by_addr: Address based phase 1 SA-CFG lookup failed for local:217.12.253.226, remote:83.234.107.110 IKEv1 
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  iked_pm_ike_spd_select_ike_sa failed. rc 1, error_code: No proposal chosen
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ikev2_fb_spd_select_sa_cb: IKEv2 SA select failed with error No proposal chosen (neg dfe000)
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_isakmp_sa_reply: Start
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ikev2_fallback_negotiation_free: Fallback negotiation dfe000 has still 1 references
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  217.12.253.226:500 (Responder) <-> 83.234.107.110:500 { 02b87da5 947fb96c - 6006a421 7fbc2f9c [-1] / 0x00000000 } IP; Restart packet
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_state_restart_packet: Start, restart packet SA = { 02b87da5 947fb96c - 6006a421 7fbc2f9c}, nego = -1
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  217.12.253.226:500 (Responder) <-> 83.234.107.110:500 { 02b87da5 947fb96c - 6006a421 7fbc2f9c [-1] / 0x00000000 } IP; Version = 1.0, Input packet fields = 0401 SA VID 
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = any, Responder
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_sa_proposal: Start
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_cr: Start
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_cert: Start
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_i_private: Start
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_st_o_sa_values: Start
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_state_restart_packet: Error, send notify
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  217.12.253.226:500 (Responder) <-> 83.234.107.110:500 { 02b87da5 947fb96c - 6006a421 7fbc2f9c [-1] / 0x00000000 } IP; Error = No proposal chosen (14)
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_alloc_negotiation: Start, SA = { 02b87da5 947fb96c - 6006a421 7fbc2f9c}
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_alloc_negotiation: Found slot 0, max 1
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_init_info_exchange: Created random message id = 4fc006db
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_init_info_exchange: No phase 1 done, use only N or D payload
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  <none>:500 (Initiator) <-> 83.234.107.110:500 { 02b87da5 947fb96c - 6006a421 7fbc2f9c [0] / 0x4fc006db } Info; Sending negotiation back, error = 14
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_encode_packet: Start, SA = { 0x02b87da5 947fb96c - 6006a421 7fbc2f9c } / 4fc006db, nego = 0
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_encode_packet: Final length = 102
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_send_notify: Sending notification to 83.234.107.110:500
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_send_packet: Start, send SA = { 02b87da5 947fb96c - 6006a421 7fbc2f9c}, nego = 0, dst = 83.234.107.110:500,  routing table id = 0
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_delete_negotiation: Start, SA = { 02b87da5 947fb96c - 6006a421 7fbc2f9c}, nego = 0
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  <none>:500 (Initiator) <-> 83.234.107.110:500 { 02b87da5 947fb96c - 6006a421 7fbc2f9c [0] / 0x4fc006db } Info; Deleting negotiation
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_free_negotiation_info: Start, nego = 0
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ike_free_negotiation: Start, nego = 0
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  IKE negotiation fail for local:217.12.253.226, remote:83.234.107.110 IKEv1 with status: No proposal chosen
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]    IKEv1 Error : No proposal chosen
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  ikev2_fallback_negotiation_free: Freeing fallback negotiation dfe000
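
A triage sketch for output like the above, added here as an example and not part of the original post: it pulls the failure reason per peer out of the iked debug lines and cross-checks that peer's address against the SA table, listing table addresses that differ from it in a single octet and related SAs whose responder cookie is still all zeros. The sample input is copied from the post; the function names are hypothetical.

```python
import re

# Constructed sample: rows and debug lines copied from the post above.
SA_TABLE = """\
5473375 UP     116e2c801097c9d0  ab39919cba3b8b39  Main           62.176.7.74
5473411 DOWN   c61f140f39008527  551b417b7766f3ad  Any            83.234.107.110
5473409 DOWN   931d0ca5af9a1478  0000000000000000  Main           83.243.107.110
"""
DEBUG_LOG = """\
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  iked_pm_phase1_sa_cfg_lookup_by_addr: Address based phase 1 SA-CFG lookup failed for local:217.12.253.226, remote:83.234.107.110 IKEv1
[Jan 30 17:52:24][217.12.253.226 <-> 83.234.107.110]  IKE negotiation fail for local:217.12.253.226, remote:83.234.107.110 IKEv1 with status: No proposal chosen
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
SA_ROW = re.compile(r"^(\d+)\s+(UP|DOWN)\s+([0-9a-f]{16})\s+([0-9a-f]{16})\s+(\S+)\s+" + IP + r"$")
LOOKUP_FAIL = re.compile(r"SA-CFG lookup failed for local:" + IP + r", remote:" + IP)
NEG_FAIL = re.compile(r"IKE negotiation fail for local:" + IP + r", remote:" + IP + r" \S+ with status: (.+)$")

def parse_sa_table(text):
    """Return one dict per row of 'show security ike security-associations'."""
    keys = ("index", "state", "i_cookie", "r_cookie", "mode", "remote")
    rows = (SA_ROW.match(line.strip()) for line in text.splitlines())
    return [dict(zip(keys, m.groups())) for m in rows if m]

def octets_differing(a, b):
    return sum(x != y for x, y in zip(a.split("."), b.split(".")))

def triage(sa_text, log_text):
    """Per failing peer: findings from the log plus SA rows worth a second look."""
    sas, peers = parse_sa_table(sa_text), {}
    for line in log_text.splitlines():
        for rx in (LOOKUP_FAIL, NEG_FAIL):
            m = rx.search(line.strip())
            if not m:
                continue
            info = peers.setdefault(m.group(2), {"cfg_lookup_failed": False, "status": None})
            if rx is LOOKUP_FAIL:
                info["cfg_lookup_failed"] = True
            else:
                info["status"] = m.group(3)
    for peer, info in peers.items():
        related = [s for s in sas if octets_differing(s["remote"], peer) <= 1]
        # Table addresses exactly one octet away from the address seen in the log.
        info["near_miss"] = sorted({s["remote"] for s in related if s["remote"] != peer})
        # All-zero responder cookie: no reply to the first packet has been seen.
        info["unanswered"] = [s["index"] for s in related if s["r_cookie"] == "0" * 16]
    return peers

if __name__ == "__main__":
    print(triage(SA_TABLE, DEBUG_LOG))
```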

 

 

 

 

