Support Center > Search Results > SecureKnowledge Details
Phase-2 negotiation fails with "Reason: Wrong value for: Encapsulation Mode"
Symptoms
  • After upgrade to R80.20, Phase-2 negotiation fails with "Reason: Wrong value for: Encapsulation Mode".

  • In ike.elg, Main Mode packet 3 from peer, has NAT Discovery payload. Main Mode Packet 5 and 6 use UDP/4500 correctly. Phase-1 negotiation is successful, but phase-2 negotiation sometimes fails with NAT-T.
Cause

We match Encapsulation Mode only according to the VPN Community settings. However, it does not match Encapsulation Mode according to negotiation information from the peer gateway.


Solution
Note: To view this solution you need to Sign In .