Support Center > Search Results > SecureKnowledge Details
Phase-2 negotiation fails with "Reason: Wrong value for: Encapsulation Mode" Technical Level
Symptoms
  • After upgrade to R80.x, Phase-2 negotiation fails with "Reason: Wrong value for: Encapsulation Mode".

  • In ike.elg, Main Mode packet 3 from peer, has NAT Discovery payload. Main Mode Packet 5 and 6 use UDP/4500 correctly. Phase-1 negotiation is successful, but phase-2 negotiation sometimes fails with NAT-T.

  • In vpnd.elg, you will see either (or both) lines:
    [tunnel] transformsMatch: lst_first failed for trans2
    [tunnel] GOT LIFE DURATION P2 (lifetype: (nil), pair- >type: 1)
Cause

Encapsulation Mode is matched only according to the VPN Community settings. However, it does not match Encapsulation Mode according to negotiation information from the peer gateway.


Solution
Note: To view this solution you need to Sign In .