Out of ideas, everything here seems fine to me. Just check one more time whether the username in Windows client matches the name in /ppp secret and whether the password settings match between the two.
Yep, I don’t understand why it doesn’t work either, as on the other site it works with no problem with a different ISP. One more thing: when I connect, an IPsec policy is created dynamically and in the tunnel section it shows “no”, but phase 2 is established. It means all security credentials are good. But anyway, your help is much appreciated. Million thanks to you. I got much more confident setting up this type of VPN.
OK, got connected. What did I do? Deleted the VPN profile on Windows and recreated it. And it worked. Thanks a mill again, you are the best of the best.
Glad to help.
Tunnel in IPsec is related to the way plaintext packets are encapsulated into IPsec transport ones, and it is correct that for L2TP the tunnel mode is not used.
As the establishment of L2TP session got that far, the ISP had nothing to do with the issue, as everything L2TP-related runs inside the IPsec encrypted UDP flow. So the ISP has no possibility to affect what happens at L2TP level, except if it would be dropping e.g. packets of particular size or something equally weird.
My Win10 once decided not to show me the list of wireless networks, it took me months to find that the remedy was to remove a VPN profile with a name in Cyrillic (the pop-up window shows various kinds of networks at a time and obviously if one of the items had problems the whole window was not showing up). Needless to say that after re-creating that profile, including the same name in Cyrillic, everything worked fine. Thank you, Microsoft.
Yeah, and now I have disconnected and tried to reconnect where you click the icon in the task bar for networks, and it didn’t work again. I went to the VPN settings section and clicked connect, and it’s connected. Windows is messing up.
fresh install.
OK, a quick image health restore with DISM resolved the problem on Win 10, so all good now.
Came to work this morning (different ISP), so trying to connect to the VPN we have fixed, it doesn’t work again, the same shit: no proposal found. It works from home but doesn’t work from my office.
Does the 'Tik running the L2TP/IPsec server have a public IP address directly on itself or do you use dst-nat on some device between that 'Tik and the internet?
The Mikrotik router is bridged with the ISP gateway device, so the static IP is on the Mikrotik; all NAT is done by the Mikrotik.
OK. So do the same as you did with l2tp:
/system logging add topics=ipsec
Then, start
/log print follow-only file=ipsec-log where topics~"ipsec",
try to connect the VPN client, and when it fails, stop the /log print and download the file.
Then use find&replace to obfuscate the addresses (selectively, please, i.e. l.l.l.l for local address and r.r.r.r for remote address) and post the result.
Jun/11/2018 10:23:01 ipsec,error no suitable proposal found.
Jun/11/2018 10:23:01 ipsec,error x.x.x.x failed to get valid proposal.
Jun/11/2018 10:23:01 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
Jun/11/2018 10:23:01 ipsec,error x.x.x.x phase1 negotiation failed.
Jun/11/2018 10:23:02 ipsec,error no suitable proposal found.
Jun/11/2018 10:23:02 ipsec,error x.x.x.x failed to get valid proposal.
Jun/11/2018 10:23:02 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
Jun/11/2018 10:23:02 ipsec,error x.x.x.x phase1 negotiation failed.
Jun/11/2018 10:23:05 ipsec,error no suitable proposal found.
Jun/11/2018 10:23:05 ipsec,error x.x.x.x failed to get valid proposal.
Jun/11/2018 10:23:05 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
Jun/11/2018 10:23:05 ipsec,error x.x.x.x phase1 negotiation failed.
jun/11/2018 10:22:41 by RouterOS 6.42.3
software id = WY7A-F6QQ
10:23:00 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x[500]<=>x.x.x.x[7]
10:23:00 ipsec received long Microsoft ID: MS NT5 ISAKMPOAKLEY
10:23:00 ipsec received Vendor ID: RFC 3947
10:23:00 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
10:23:00 ipsec
10:23:00 ipsec received Vendor ID: FRAGMENTATION
10:23:00 ipsec Fragmentation enabled
10:23:00 ipsec x.x.x.x Selected NAT-T version: RFC 3947
10:23:00 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:384-bit random ECP group
10:23:00 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 1024-bit MODP group:256-bit random ECP group
10:23:00 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
10:23:00 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC
10:23:00 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
10:23:00 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC
10:23:00 ipsec,error no suitable proposal found.
10:23:00 ipsec,error no suitable proposal found.
10:23:00 ipsec,error x.x.x.x failed to get valid proposal.
10:23:00 ipsec,error x.x.x.x failed to get valid proposal.
10:23:00 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
10:23:00 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
10:23:00 ipsec,error x.x.x.x phase1 negotiation failed.
10:23:00 ipsec,error x.x.x.x phase1 negotiation failed.
10:23:01 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x[500]<=>x.x.x.x[7]
10:23:01 ipsec received long Microsoft ID: MS NT5 ISAKMPOAKLEY
10:23:01 ipsec received Vendor ID: RFC 3947
10:23:01 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
10:23:01 ipsec
10:23:01 ipsec received Vendor ID: FRAGMENTATION
10:23:01 ipsec Fragmentation enabled
10:23:01 ipsec x.x.x.x Selected NAT-T version: RFC 3947
10:23:01 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:384-bit random ECP group
10:23:01 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 1024-bit MODP group:256-bit random ECP group
10:23:01 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
10:23:01 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC
10:23:01 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
10:23:01 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC
10:23:01 ipsec,error no suitable proposal found.
10:23:01 ipsec,error no suitable proposal found.
10:23:01 ipsec,error x.x.x.x failed to get valid proposal.
10:23:01 ipsec,error x.x.x.x failed to get valid proposal.
10:23:01 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
10:23:01 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
10:23:01 ipsec,error x.x.x.x phase1 negotiation failed.
10:23:01 ipsec,error x.x.x.x phase1 negotiation failed.
10:23:02 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x[500]<=>x.x.x.x[7]
10:23:02 ipsec received long Microsoft ID: MS NT5 ISAKMPOAKLEY
10:23:02 ipsec received Vendor ID: RFC 3947
10:23:02 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
10:23:02 ipsec
10:23:02 ipsec received Vendor ID: FRAGMENTATION
10:23:02 ipsec Fragmentation enabled
10:23:02 ipsec x.x.x.x Selected NAT-T version: RFC 3947
10:23:02 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:384-bit random ECP group
10:23:02 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 1024-bit MODP group:256-bit random ECP group
10:23:02 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
10:23:02 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC
10:23:02 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
10:23:02 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC
10:23:02 ipsec,error no suitable proposal found.
10:23:02 ipsec,error no suitable proposal found.
10:23:02 ipsec,error x.x.x.x failed to get valid proposal.
10:23:02 ipsec,error x.x.x.x failed to get valid proposal.
10:23:02 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
10:23:02 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
10:23:02 ipsec,error x.x.x.x phase1 negotiation failed.
10:23:02 ipsec,error x.x.x.x phase1 negotiation failed.
10:23:05 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x[500]<=>x.x.x.x[7]
10:23:05 ipsec received long Microsoft ID: MS NT5 ISAKMPOAKLEY
10:23:05 ipsec received Vendor ID: RFC 3947
10:23:05 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
10:23:05 ipsec
10:23:05 ipsec received Vendor ID: FRAGMENTATION
10:23:05 ipsec Fragmentation enabled
10:23:05 ipsec x.x.x.x Selected NAT-T version: RFC 3947
10:23:05 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:384-bit random ECP group
10:23:05 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 1024-bit MODP group:256-bit random ECP group
10:23:05 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
10:23:05 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC
10:23:05 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
10:23:05 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC
10:23:05 ipsec,error no suitable proposal found.
10:23:05 ipsec,error no suitable proposal found.
10:23:05 ipsec,error x.x.x.x failed to get valid proposal.
10:23:05 ipsec,error x.x.x.x failed to get valid proposal.
10:23:05 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
10:23:05 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
10:23:05 ipsec,error x.x.x.x phase1 negotiation failed.
10:23:05 ipsec,error x.x.x.x phase1 negotiation failed.
So the Windows client in the office is a different one from the one you use to test it at home? Or is it the very same laptop you use at both places?
Yes, it’s the same laptop used in both places.
OK. The log shows you what the peer (the Windows client) proposes, so configure the Mikrotik’s peer proposal in a compatible way (keep Hash Algorithm unchanged as there are no complaints, add 3des to Encryption Algorithm, and add modp2048 to DH Group) and try again.
I tried, same results, and if we look at the dynamically generated one, we have 3des and mod2048 included. In the manually created one I have only sha1, 3des and mod2048, and still the same error.
The same error or exactly the same complaints in the log?
10:23:02 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:384-bit random ECP group
10:23:02 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 1024-bit MODP group:256-bit random ECP group
10:23:02 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
10:23:02 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC
10:23:02 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
10:23:02 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC
I mean, one reason why it works from home but doesn’t from the office is that the Windows client sends different proposals depending on the weather in Kyoto 73 days ago, another possibility is that the Mikrotik generates different phase1 proposals each time it dynamically creates the IPSec peer for L2TP use (depending on something equally unrelated at first glance).
So I’d recommend you to copy the peer dynamically created by the l2tp-server configuration to a static one (using /ip ipsec peer add copy-from=[find dynamic=yes exchange-mode=main-l2tp]) and then uncheck the “use IPsec” in the /interface l2tp-server server configuration. And then to make that new peer’s proposal match what the log shows that the Windows client proposes.
And also to compare this part of the log when trying now from the office and later from home, to see whether the proposal from the Windows client is the same or different in both cases.
Returned home, recreated peer policy manually: hash - sha1, encryption algorithm - des3, DH group - Mod2048. Connected with no problem, as good from my home.
Will test again tomorrow in office with this configuration.
OK, quick update: the manually created one worked from my home; arrived at the office and it didn’t work from the office. Got connected to the neighbor company’s network and tested the VPN, it worked fine. Seems to be something wrong on my office Mikrotik router.
As said, I would like to see the log from proposal comparison for the successful and unsuccessful cases, otherwise we won’t get anywhere.
One thing one could easily imagine is some packet size limitation on one of the paths, causing the proposal to be truncated, except that the recipient should notice that as the ISAKMP header contains the length of the payload, the proposal header contains the number of transforms etc., so it is quite unlikely to be the cause. Plus the packet carrying the proposal has just 450 bytes including the Ethernet headers so it is quite unlikely to get truncated.
So another thing, which I could imagine a bit more easily but hesitate to believe, would be that something on the way between the client and server is tampering with the proposal contents.
If you don’t mind capturing the good and bad attempts using Wireshark, it would be interesting to see whether the Windows client is sending the same proposal in both cases or not. You can see below in the decoding of my Win10’s native client’s ISAKMP packet carrying the proposal that there is nothing sensitive in the proposal itself - anything sensitive is transmitted encrypted:
Payload: Proposal (2) # 1
Next payload: NONE / No Next Payload (0)
Reserved: 00
Payload length: 200
Proposal number: 1
Protocol ID: ISAKMP (1)
SPI Size: 0
Proposal transforms: 5
Payload: Transform (3) # 1
Next payload: Transform (3)
Reserved: 00
Payload length: 40
Transform number: 1
Transform ID: KEY_IKE (1)
Reserved: 0000
IKE Attribute (t=1,l=2): Encryption-Algorithm: AES-CBC
IKE Attribute (t=14,l=2): Key-Length: 256
IKE Attribute (t=2,l=2): Hash-Algorithm: SHA
IKE Attribute (t=4,l=2): Group-Description: 384-bit random ECP group
IKE Attribute (t=3,l=2): Authentication-Method: Pre-shared key
IKE Attribute (t=11,l=2): Life-Type: Seconds
IKE Attribute (t=12,l=4): Life-Duration: 28800
Payload: Transform (3) # 2
Next payload: Transform (3)
Reserved: 00
Payload length: 40
Transform number: 2
Transform ID: KEY_IKE (1)
Reserved: 0000
IKE Attribute (t=1,l=2): Encryption-Algorithm: AES-CBC
IKE Attribute (t=14,l=2): Key-Length: 128
IKE Attribute (t=2,l=2): Hash-Algorithm: SHA
IKE Attribute (t=4,l=2): Group-Description: 256-bit random ECP group
IKE Attribute (t=3,l=2): Authentication-Method: Pre-shared key
IKE Attribute (t=11,l=2): Life-Type: Seconds
IKE Attribute (t=12,l=4): Life-Duration: 28800
Payload: Transform (3) # 3
Next payload: Transform (3)
Reserved: 00
Payload length: 40
Transform number: 3
Transform ID: KEY_IKE (1)
Reserved: 0000
IKE Attribute (t=1,l=2): Encryption-Algorithm: AES-CBC
IKE Attribute (t=14,l=2): Key-Length: 256
IKE Attribute (t=2,l=2): Hash-Algorithm: SHA
IKE Attribute (t=4,l=2): Group-Description: 2048 bit MODP group
IKE Attribute (t=3,l=2): Authentication-Method: Pre-shared key
IKE Attribute (t=11,l=2): Life-Type: Seconds
IKE Attribute (t=12,l=4): Life-Duration: 28800
Payload: Transform (3) # 4
Next payload: Transform (3)
Reserved: 00
Payload length: 36
Transform number: 4
Transform ID: KEY_IKE (1)
Reserved: 0000
IKE Attribute (t=1,l=2): Encryption-Algorithm: 3DES-CBC
IKE Attribute (t=2,l=2): Hash-Algorithm: SHA
IKE Attribute (t=4,l=2): Group-Description: 2048 bit MODP group
IKE Attribute (t=3,l=2): Authentication-Method: Pre-shared key
IKE Attribute (t=11,l=2): Life-Type: Seconds
IKE Attribute (t=12,l=4): Life-Duration: 28800
Payload: Transform (3) # 5
Next payload: NONE / No Next Payload (0)
Reserved: 00
Payload length: 36
Transform number: 5
Transform ID: KEY_IKE (1)
Reserved: 0000
IKE Attribute (t=1,l=2): Encryption-Algorithm: 3DES-CBC
IKE Attribute (t=2,l=2): Hash-Algorithm: SHA
IKE Attribute (t=4,l=2): Group-Description: Alternate 1024-bit MODP group
IKE Attribute (t=3,l=2): Authentication-Method: Pre-shared key
IKE Attribute (t=11,l=2): Life-Type: Seconds
IKE Attribute (t=12,l=4): Life-Duration: 28800
OK, here I got a successful log and a failed log.
Successful: from neighbor company
jun/13/2018 9:40:34 by RouterOS 6.42.3
software id = WY7A-F6QQ
09:40:49 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x[500]<=>x.x.x.x[500]
09:40:49 ipsec received long Microsoft ID: MS NT5 ISAKMPOAKLEY
09:40:49 ipsec received Vendor ID: RFC 3947
09:40:49 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
09:40:49 ipsec
09:40:49 ipsec received Vendor ID: FRAGMENTATION
09:40:49 ipsec Fragmentation enabled
09:40:49 ipsec x.x.x.x Selected NAT-T version: RFC 3947
09:40:49 ipsec sent phase1 packet x.x.x.x[500]<=>x.x.x.x[500] sadr45f5yedy5y6y:ewr456gry56gref
09:40:49 ipsec x.x.x.x Hashing x.x.x.x[500] with algo #2
09:40:49 ipsec NAT-D payload #0 verified
09:40:49 ipsec x.x.x.x Hashing x.x.x.x[500] with algo #2
09:40:49 ipsec NAT-D payload #1 doesn't match
09:40:49 ipsec NAT detected: PEER
09:40:49 ipsec x.x.x.x Hashing x.x.x.x[500] with algo #2
09:40:49 ipsec x.x.x.x Hashing x.x.x.x[500] with algo #2
09:40:49 ipsec Adding remote and local NAT-D payloads.
09:40:49 ipsec sent phase1 packet x.x.x.x[500]<=>x.x.x.x[500] sadr45f5yedy5y6y:ewr456gry56gref
09:40:49 ipsec NAT-T: ports changed to: x.x.x.x[4500]<=>x.x.x.x[4500]
09:40:49 ipsec KA list add: x.x.x.x[4500]->x.x.x.x[4500]
09:40:49 ipsec,info ISAKMP-SA established x.x.x.x[4500]-x.x.x.x[4500] spi:sadr45f5yedy5y6y:ewr456gry56gref
09:40:49 ipsec respond new phase 2 negotiation: x.x.x.x[4500]<=>x.x.x.x[4500]
09:40:49 ipsec searching for policy for selector: x.x.x.x:1701 ip-proto:17 <=> x.x.x.x:1701 ip-proto:17
09:40:49 ipsec generating policy
09:40:49 ipsec Adjusting my encmode UDP-Transport->Transport
09:40:49 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2)
09:40:49 ipsec sent phase2 packet x.x.x.x[4500]<=>x.x.x.x[4500]sadr45f5yedy5y6y:ewr456gry56gref :00000001
09:40:49 ipsec IPsec-SA established: ESP/Transport x.x.x.x[4500]->x.x.x.x[4500] spi=0xef9af5c
09:40:49 ipsec IPsec-SA established: ESP/Transport x.x.x.x[4500]->x.x.x.x[4500] spi=0xcc78a626
Failed: connection from office
jun/13/2018 9:35:21 by RouterOS 6.42.3
software id = WY7A-F6QQ
09:35:35 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x[500]<=>x.x.x.x[1]
09:35:35 ipsec received long Microsoft ID: MS NT5 ISAKMPOAKLEY
09:35:35 ipsec received Vendor ID: RFC 3947
09:35:35 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
09:35:35 ipsec
09:35:35 ipsec received Vendor ID: FRAGMENTATION
09:35:35 ipsec Fragmentation enabled
09:35:35 ipsec x.x.x.x Selected NAT-T version: RFC 3947
09:35:35 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:384-bit random ECP group
09:35:35 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 1024-bit MODP group:256-bit random ECP group
09:35:35 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
09:35:35 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC
09:35:35 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
09:35:35 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC
09:35:35 ipsec,error no suitable proposal found.
09:35:35 ipsec,error no suitable proposal found.
09:35:35 ipsec,error x.x.x.x failed to get valid proposal.
09:35:35 ipsec,error x.x.x.x failed to get valid proposal.
09:35:35 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
09:35:35 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
09:35:35 ipsec,error x.x.x.x phase1 negotiation failed.
09:35:35 ipsec,error x.x.x.x phase1 negotiation failed.
09:35:36 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x[500]<=>x.x.x.x[1]
09:35:36 ipsec received long Microsoft ID: MS NT5 ISAKMPOAKLEY
09:35:36 ipsec received Vendor ID: RFC 3947
09:35:36 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
09:35:36 ipsec
09:35:36 ipsec received Vendor ID: FRAGMENTATION
09:35:36 ipsec Fragmentation enabled
09:35:36 ipsec x.x.x.x Selected NAT-T version: RFC 3947
09:35:36 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:384-bit random ECP group
09:35:36 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 1024-bit MODP group:256-bit random ECP group
09:35:36 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
09:35:36 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC
09:35:36 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
09:35:36 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC
09:35:36 ipsec,error no suitable proposal found.
09:35:36 ipsec,error no suitable proposal found.
09:35:36 ipsec,error x.x.x.x failed to get valid proposal.
09:35:36 ipsec,error x.x.x.x failed to get valid proposal.
09:35:36 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
09:35:36 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
09:35:36 ipsec,error x.x.x.x phase1 negotiation failed.
09:35:36 ipsec,error x.x.x.x phase1 negotiation failed.
09:35:37 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x[500]<=>x.x.x.x[1]
09:35:37 ipsec received long Microsoft ID: MS NT5 ISAKMPOAKLEY
09:35:37 ipsec received Vendor ID: RFC 3947
09:35:37 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
09:35:37 ipsec
09:35:37 ipsec received Vendor ID: FRAGMENTATION
09:35:37 ipsec Fragmentation enabled
09:35:37 ipsec x.x.x.x Selected NAT-T version: RFC 3947
09:35:37 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:384-bit random ECP group
09:35:37 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 1024-bit MODP group:256-bit random ECP group
09:35:37 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
09:35:37 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC
09:35:37 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
09:35:37 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC
09:35:37 ipsec,error no suitable proposal found.
09:35:37 ipsec,error no suitable proposal found.
09:35:37 ipsec,error x.x.x.x failed to get valid proposal.
09:35:37 ipsec,error x.x.x.x failed to get valid proposal.
09:35:37 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
09:35:37 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
09:35:37 ipsec,error x.x.x.x phase1 negotiation failed.
09:35:37 ipsec,error x.x.x.x phase1 negotiation failed.
09:35:40 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x[500]<=>x.x.x.x[1]
09:35:40 ipsec received long Microsoft ID: MS NT5 ISAKMPOAKLEY
09:35:40 ipsec received Vendor ID: RFC 3947
09:35:40 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
09:35:40 ipsec
09:35:40 ipsec received Vendor ID: FRAGMENTATION
09:35:40 ipsec Fragmentation enabled
09:35:40 ipsec x.x.x.x Selected NAT-T version: RFC 3947
09:35:40 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:384-bit random ECP group
09:35:40 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 1024-bit MODP group:256-bit random ECP group
09:35:40 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
09:35:40 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC
09:35:40 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
09:35:40 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC
09:35:40 ipsec,error no suitable proposal found.
09:35:40 ipsec,error no suitable proposal found.
09:35:40 ipsec,error x.x.x.x failed to get valid proposal.
09:35:40 ipsec,error x.x.x.x failed to get valid proposal.
09:35:40 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
09:35:40 ipsec,error x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
09:35:40 ipsec,error x.x.x.x phase1 negotiation failed.
09:35:40 ipsec,error x.x.x.x phase1 negotiation failed.
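The two checks asked for in this thread (matching the Mikrotik peer proposal to what the log shows the Windows client offers, and comparing a good attempt with a bad one), as an added example that is not part of the original posts: a Python script that parses RouterOS `ipsec` debug lines in the format shown above. The function names are hypothetical, and it assumes every mismatching attribute of a transform gets its own `rejected` line, as the two lines for trns#4 suggest.

```python
import re

# Lines copied from the logs posted in this thread (addresses already obfuscated).
FAILED_LOG = """\
09:35:35 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x[500]<=>x.x.x.x[1]
09:35:35 ipsec
09:35:35 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 1024-bit MODP group:384-bit random ECP group
09:35:35 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 1024-bit MODP group:256-bit random ECP group
09:35:35 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
09:35:35 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC
09:35:35 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
09:35:35 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC
09:35:35 ipsec,error no suitable proposal found.
"""
GOOD_LOG = """\
09:40:49 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x[500]<=>x.x.x.x[500]
09:40:49 ipsec NAT detected: PEER
09:40:49 ipsec,info ISAKMP-SA established x.x.x.x[4500]-x.x.x.x[4500] spi:sadr45f5yedy5y6y:ewr456gry56gref
"""

PHASE1 = re.compile(r"respond new phase 1 .*\[(\d+)\]<=>.*\[(\d+)\]\s*$")
REJECT = re.compile(r"rejected (\w+): DB\(prop#(\d+):trns#(\d+)\):"
                    r"Peer\(prop#(\d+):trns#(\d+)\) = (.+)$")

def parse_attempts(log_text):
    """Split a log into phase 1 attempts, one per 'respond new phase 1' line."""
    attempts = []
    for line in log_text.splitlines():
        m = PHASE1.search(line)
        if m:
            attempts.append({"local_port": int(m.group(1)),
                             "peer_port": int(m.group(2)),
                             "rejected": {}, "result": "unknown"})
            continue
        if not attempts:
            continue  # lines before the first attempt cannot be attributed
        cur = attempts[-1]
        m = REJECT.search(line)
        if m:
            attr, _, db_trns, _, peer_trns, values = m.groups()
            local_val, peer_val = values.split(":", 1)  # "<local DB>:<peer>"
            cur["rejected"].setdefault(int(peer_trns), {})[attr] = {
                "db_transform": int(db_trns),
                "local": local_val.strip(), "peer": peer_val.strip()}
        elif "no suitable proposal found" in line:
            cur["result"] = "failed"  # repeated error lines just set it again
        elif "ISAKMP-SA established" in line:
            cur["result"] = "established"
    return attempts

def nearest_transforms(attempt):
    """Peer transforms blocked by the fewest attributes, and the peer's value
    for each blocking attribute (what the local proposal would need to allow)."""
    if not attempt["rejected"]:
        return []
    fewest = min(len(attrs) for attrs in attempt["rejected"].values())
    return [(trns, {a: v["peer"] for a, v in attrs.items()})
            for trns, attrs in sorted(attempt["rejected"].items())
            if len(attrs) == fewest]

def compare_attempts(good, bad):
    """Header fields and outcome that differ between two attempts."""
    return {k: (good[k], bad[k])
            for k in ("local_port", "peer_port", "result")
            if good[k] != bad[k]}

if __name__ == "__main__":
    bad = parse_attempts(FAILED_LOG)[0]
    good = parse_attempts(GOOD_LOG)[0]
    for trns, attrs in nearest_transforms(bad):
        print(f"peer transform #{trns} blocked only by: {attrs}")
    print("good vs bad:", compare_attempts(good, bad))
```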