IKEv2 negotiation failed when using Traditional VPN mode

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk147352
Technical Level
Product	IPSec VPN
Version	R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.30 (EOL), R80.40
OS	Gaia
Platform / Model	All
Date Created	04-Mar-2019
Last Modified	02-Nov-2020

Symptoms

IKEv2 negotiation fails when using Traditional VPN mode and the following error messages can be found in $FWDIR/log/vpnd.elg: [ 8224][11 Feb 0:52:34][ikev2] doCreateOrder: could not find peer obj for - may be client or LSV (0) or DAIP (0)
[ 8224][11 Feb 0:52:34][ikev2] doCreateOrder: I am not in a RA community. will not continue
[ 8224][11 Feb 0:52:34][ikev2] vpn1OrderFactory::createOrder: failed to create order
[ 8224][11 Feb 0:52:34][ikev2] ikeExchangeFlowHandler::getOrder: failed to create order for Initial exchange.
[ 8224][11 Feb 0:52:34][ikev2] messageLayer::messageArrived: Could not allocate inbound Initial exchange

Solution

No fix, expected behavior

IKEv2 is not supported with firewall policies in Traditional VPN mode.

To resolve this issue, either convert the Traditional VPN policy to Simplified VPN mode, or change the IKE version to IKEv1.

For more information, refer to the "Converting a Traditional Policy to a Community Based Policy" section in the VPN R77 Versions Administration Guide

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating