Symptom
"debug crypto ikev2 error" shows the following output when the router receives an IPsec proposal that matches no configured policy:
IKEv2:(SESSION ID = x,SA ID = x):Processing IKE_AUTH message
IKEv2:IPSec policy validate request sent for profile xyz with psh index 1.
IKEv2:(SESSION ID = x,SA ID = x):
IKEv2:(SA ID = 1):[IPsec -> IKEv2] Callback received for the validate proposal - FAILED.
IKEv2-ERROR:(SESSION ID = 50129,SA ID = 1):Received Policies: : Failed to find a matching policyESP: Proposal 1: AES-CBC-256 SHA512 Don't use ESN
IKEv2-ERROR:(SESSION ID = x,SA ID = x):Expected Policies: : Failed to find a matching policy
IKEv2-ERROR:(SESSION ID = x,SA ID = x):: Failed to find a matching policy
IKEv2:(SESSION ID = x,SA ID = x):Sending no proposal chosen notify
Note the line "Expected Policies: : Failed to find a matching policy". This line should list the expected (configured) policies, yet it does not.
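Because the router does not print the expected policies, the peer's proposal has to be read from the "Received Policies" line and compared against the configured transform-set by hand. The following is an added example, not part of the original bug record or any Cisco tooling: a small parser that pulls the received proposal out of the debug output quoted above and flags the empty "Expected Policies" line. The function names are hypothetical, and it assumes the proposal text follows the message on the same line, as in the quoted output.

```python
import re

# Constructed sample: debug lines copied from the output quoted on this page.
SAMPLE = """\
IKEv2:(SESSION ID = x,SA ID = x):Processing IKE_AUTH message
IKEv2:(SA ID = 1):[IPsec -> IKEv2] Callback received for the validate proposal - FAILED.
IKEv2-ERROR:(SESSION ID = 50129,SA ID = 1):Received Policies: : Failed to find a matching policyESP: Proposal 1: AES-CBC-256 SHA512 Don't use ESN
IKEv2-ERROR:(SESSION ID = x,SA ID = x):Expected Policies: : Failed to find a matching policy
IKEv2:(SESSION ID = x,SA ID = x):Sending no proposal chosen notify
"""

# Matches the two policy error lines; anything after the message is kept in "rest".
LINE = re.compile(
    r"^IKEv2-ERROR:\(SESSION ID = (?P<session>[^,]+),SA ID = (?P<sa>[^)]+)\):"
    r"(?P<kind>Received|Expected) Policies: : Failed to find a matching policy"
    r"(?P<rest>.*)$"
)
# Assumption: proposals are printed as "<proto>: Proposal <n>: <attributes>".
PROPOSAL = re.compile(r"(?P<proto>ESP|AH): Proposal (?P<num>\d+):\s*(?P<attrs>.+)")


def parse_policy_errors(text):
    """Return (proposals per kind, set of kinds that were logged at all)."""
    found = {"Received": [], "Expected": []}
    seen = set()
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        seen.add(m["kind"])
        p = PROPOSAL.search(m["rest"])
        if p:  # the message is run together with the proposal ("policyESP:")
            found[m["kind"]].append({
                "session": m["session"],
                "proto": p["proto"],
                "proposal": int(p["num"]),
                "attrs": p["attrs"].strip(),
            })
    return found, seen


def expected_policies_missing(text):
    """True when an 'Expected Policies' line was logged but lists no proposal."""
    found, seen = parse_policy_errors(text)
    return "Expected" in seen and not found["Expected"]


if __name__ == "__main__":
    proposals, _ = parse_policy_errors(SAMPLE)
    print("peer proposed:", proposals["Received"])
    print("expected policies missing:", expected_policies_missing(SAMPLE))
```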
Conditions
Router configured with IKEv2 and a valid IPsec transform-set, receiving an IKE_AUTH REQ from a peer
"debug crypto ikev2 error" enabled