/ip ipsec proposal
set [ find default=yes ] enc-algorithms="aes-256-cbc,aes-256-ctr,aes-256-gcm,a\
    es-128-cbc,aes-128-ctr,aes-128-gcm,3des" lifetime=1h
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=1h name=PEER1 \
    pfs-group=modp2048
add enc-algorithms=aes-128-cbc lifetime=1h name=PEER2 pfs-group=modp2048
add enc-algorithms=3des lifetime=1h name=L2TP

08:55:15 ipsec,info respond new phase 1 (Identity Protection): peer.one.ip[500]<=>peer.two.ip[500] 
08:55:15 ipsec received MS NT5 ISAKMPOAKLEY ID version: 9 
08:55:15 ipsec received Vendor ID: RFC 3947 
08:55:15 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02\n 
08:55:15 ipsec received Vendor ID: FRAGMENTATION 
08:55:15 ipsec Fragmentation enabled 
08:55:15 ipsec peer.two.ip Selected NAT-T version: RFC 3947 
08:55:15 ipsec rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 4:SHA 
08:55:15 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#1) = 2048-bit MODP group:384-bit random ECP group 
08:55:15 ipsec rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 4:SHA 
08:55:15 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#2) = 2048-bit MODP group:256-bit random ECP group 
08:55:15 ipsec rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 4:SHA 
08:55:15 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC 
08:55:15 ipsec rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 4:SHA 
08:55:15 ipsec rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC 
08:55:15 ipsec rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = 4:SHA 
08:55:15 ipsec rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#5) = 2048-bit MODP group:1024-bit MODP group 
08:55:15 ipsec,error no suitable proposal found. 
08:55:15 ipsec,error peer.two.ip failed to get valid proposal. 
08:55:15 ipsec,error peer.two.ip failed to pre-process ph1 packet (side: 1, status 1). 
08:55:15 ipsec,error peer.two.ip phase1 negotiation failed.