IKE/5/IPSEC_UNSAFE_ALGO

Message

IKE/5/IPSEC_UNSAFE_ALGO: Peer chose unsafe algorithm to establish IPsec SA. (PeerIP=[PeerIp], VrfName=[VRF], AH-AuthenticationAlgorithm=[AH-AuthenticationAlgorithm], ESP-AuthenticationAlgorithm=[ESP-AuthenticationAlgorithm], ESP-EncryptionAlgorithm=[ESP-EncryptionAlgorithm], Policy=[Policy], Protocol=[Protocol])

In VS mode, this log is supported only by the admin VS.

Description

Peers used unsafe algorithm to create IPSec security association.

Parameters

Parameter Name Parameter Meaning

PeerIp

Indicates IPSec peer IP.

VRF

Indicates Virtual Routing and Forwarding (VRF) concept used to support VPNs in IP networks.

AH-AuthenticationAlgorithm

Indicates authentication algorithms.

ESP-AuthenticationAlgorithm

Indicates authentication algorithms.

ESP-EncryptionAlgorithm

Indicates encryption algorithms.

Policy

Indicates the policy name.

Protocol

Indicates the security protocol.

Possible Causes

Peer negotiates to establish an IPSec SA using unsafe authentication and encryption algorithms like MD5, SHA1, DES and 3DES.

Procedure

  • Configure safe authentication and encryption algorithms on both the peers like AES and SHA2-256.
Parent Topic: IKE
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >