Does anyone have an idea why "Phase 1 of IKE Tunnel Negotiation Failed" comes up when I try to use the IPsec method to establish a connection between on-prem and Alibaba Cloud?
2 Answers
IKE negotiates the IPSec security associations, called SAs, between two endpoints. Each security association has parameters that must match on both sides. Verify that you have configured the phase 1 policy with the same parameters for Encryption, Hash, Diffie-Hellman Group and Authentication.
Note: You have left a lot of important details out of your question.
The following is recommended for you.

IKE profile settings

- Set the lifetime to a value configured on the Alibaba Cloud side between 900 and 28,800 (default) seconds.
- Set the encryption algorithm to either AES-128 or AES-256.
- Set the hashing algorithm to either SHA-1 or SHA-2(256).
- Set the Pseudo Random Function (PRF) to the same algorithm as the hashing algorithm.
- Enable one of the following Diffie-Hellman groups: 2, 14-18, 22, 23, or 24.

IPsec profile settings

- Set the lifetime to a value configured on the Alibaba Cloud side between 900 and 3,600 (default) seconds, and less than the phase 1 lifetime.
- Set the encryption algorithm to either AES-128 or AES-256.
- Set the hashing algorithm to either SHA-1 or SHA-2(256).
- Enable perfect forward secrecy (PFS) using one of the following Diffie-Hellman groups: 2, 5, 14-18, 22, 23, or 24.
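Added example (not part of either answer and not Alibaba Cloud tooling): a Python check that validates an on-prem proposal against the ranges listed in the second answer and reports which fields differ from the cloud side, since any mismatch there is what the first answer says to look for. The dict keys (`enc`, `hash`, `prf`, `dh`, `lifetime`, `auth`) and both sample configurations are constructed for illustration.

```python
def groups(*spec):
    """Expand DH group specs such as 2, (14, 18), 22 into a set of ints."""
    out = set()
    for s in spec:
        out.update(range(s[0], s[1] + 1) if isinstance(s, tuple) else [s])
    return out

# Supported values as listed in the answer above.
ALLOWED = {
    "ike": {"enc": {"aes-128", "aes-256"}, "hash": {"sha1", "sha256"},
            "dh": groups(2, (14, 18), 22, 23, 24), "lifetime": (900, 28800)},
    "ipsec": {"enc": {"aes-128", "aes-256"}, "hash": {"sha1", "sha256"},
              "dh": groups(2, 5, (14, 18), 22, 23, 24), "lifetime": (900, 3600)},
}

def check_profile(phase, cfg):
    """Return a list of settings in cfg that fall outside the supported values."""
    rules, problems = ALLOWED[phase], []
    for key in ("enc", "hash", "dh"):
        if cfg[key] not in rules[key]:
            problems.append(f"{phase}.{key}={cfg[key]!r} is not supported")
    lo, hi = rules["lifetime"]
    if not lo <= cfg["lifetime"] <= hi:
        problems.append(f"{phase}.lifetime must be {lo}-{hi} seconds")
    if phase == "ike" and cfg.get("prf") != cfg["hash"]:
        problems.append("ike.prf must use the same algorithm as ike.hash")
    return problems

def audit(local, peer):
    """Return (out-of-range settings on local, fields that differ from peer)."""
    problems, mismatches = [], []
    for phase in ("ike", "ipsec"):
        problems += check_profile(phase, local[phase])
        for key in sorted(set(local[phase]) | set(peer[phase])):
            if local[phase].get(key) != peer[phase].get(key):
                mismatches.append(f"{phase}.{key}")
    if local["ipsec"]["lifetime"] >= local["ike"]["lifetime"]:
        problems.append("ipsec.lifetime must be less than ike.lifetime")
    return problems, mismatches

# Constructed sample configurations (not taken from the question).
CLOUD = {"ike": {"enc": "aes-256", "hash": "sha256", "prf": "sha256",
                 "dh": 14, "lifetime": 28800, "auth": "psk"},
         "ipsec": {"enc": "aes-256", "hash": "sha256", "dh": 14, "lifetime": 3600}}
ONPREM = {"ike": {"enc": "aes-256", "hash": "sha256", "prf": "sha1",
                  "dh": 5, "lifetime": 28800, "auth": "psk"},
          "ipsec": {"enc": "aes-256", "hash": "sha256", "dh": 14, "lifetime": 3600}}

if __name__ == "__main__":
    for line in sum(audit(ONPREM, CLOUD), []):
        print(line)
```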