2008-05-16 22:54:09 info Rejected an IKE packet on ethernet0/2 from 219.xxx.110.97:500 to 121.xx.xxx.66:500 with cookies ada47579dcc5fb20 and b3d4a1da161467fc because there were no acceptable Phase 1 proposals.
2008-05-16 22:54:09 info IKE<219.xxx.110.97> Phase 1: Responder starts AGGRESSIVE mode negotiations.

这是我的SSG550上面的日志，不知道是哪里错了？

5-16: 22:11:30.078 My Connections\swpc_vpn - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, ID 2x)
5-16: 22:11:45.078 My Connections\swpc_vpn - QM re-keying timed out. Retry count: 1
5-16: 22:11:45.078 My Connections\swpc_vpn - SENDING>>>> ISAKMP OAK QM *(Retransmission)
5-16: 22:12:00.078 My Connections\swpc_vpn - QM re-keying timed out. Retry count: 2
5-16: 22:12:00.078 My Connections\swpc_vpn - SENDING>>>> ISAKMP OAK QM *(Retransmission)
5-16: 22:12:15.078 My Connections\swpc_vpn - QM re-keying timed out. Retry count: 3
5-16: 22:12:15.078 My Connections\swpc_vpn - SENDING>>>> ISAKMP OAK QM *(Retransmission)
5-16: 22:12:30.078 My Connections\swpc_vpn - Exceeded 3 attempts (message id: 983BA397)
5-16: 22:12:30.078 My Connections\swpc_vpn - Disconnecting IKE SA negotiation
5-16: 22:12:30.078 My Connections\swpc_vpn - Deleting IKE SA (IP ADDR=121.xx.xxx.66)
5-16: 22:12:30.078 My Connections\swpc_vpn -   MY COOKIE a 95 ba 67 23 68 94 3
5-16: 22:12:30.078 My Connections\swpc_vpn -   HIS COOKIE 9a 83 cd 1e 8d 2e e3 d4
5-16: 22:12:30.078 My Connections\swpc_vpn - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)

[ 本帖最后由 orangei 于 2008-5-16 23:19 编辑 ]

请教一下这个是什么问题？

Message:  <ip_address> to <ip_address> with cookies <cookie id> and <cookie id> because there were no acceptable Phase 1 proposals.

Meaning:  The Phase 1 proposals do not match.
Action: Make sure the parameters for the IKE gateway Phase 1 proposals on both the responder and the initiator match:

Authentication Method (Preshare, RSA-signature, or DSA-signature)
Diffie-Hellman Group Number (Group 1, 2, or 5)
Encryption Algorithm (DES, 3DES, or AES)
Hash Algorithm (MD5 or SHA-1)

2008-05-17 00:36:39 info IKE<219.xxx.110.97> Phase 2 msg ID <6efd7e3a>: Negotiations have failed.
2008-05-17 00:36:39 info Rejected an IKE packet on ethernet0/2 from 219.134.110.97:4500 to 121.xx.xxx.66:4500 with cookies 6e39df68fdb554cf and 59f2a922a4b85cd3 because the VPN does not have an application SA configured.
2008-05-17 00:36:39 info IKE<219.134.110.97> Phase 2: No policy exists for the proxy ID received: local ID (<10.6.0.0>/<255.255.255.0>, <0>, <0>) remote ID (<11.6.0.1>/<255.255.255.255>, <0>, <0>).
2008-05-17 00:36:39 info IKE<219.134.110.97> Phase 2 msg ID <6efd7e3a>: Responded to the peer's first message.
2008-05-17 00:36:24 info IKE<219.134.110.97> Phase 2 msg ID <6efd7e3a>: Negotiations have failed.
2008-05-17 00:36:24 info Rejected an IKE packet on ethernet0/2 from 219.134.110.97:4500 to 121.xx.xxx.66:4500 with cookies 6e39df68fdb554cf and 59f2a922a4b85cd3 because the VPN does not have an application SA configured.
2008-05-17 00:36:24 info IKE<219.134.110.97> Phase 2: No policy exists for the proxy ID received: local ID (<10.6.0.0>/<255.255.255.0>, <0>, <0>) remote ID (<11.6.0.1>/<255.255.255.255>, <0>, <0>).
2008-05-17 00:36:24 info IKE<219.134.110.97> Phase 2 msg ID <6efd7e3a>: Responded to the peer's first message.
2008-05-17 00:36:09 info IKE<219.134.110.97> Phase 2 msg ID <6efd7e3a>: Negotiations have failed.
2008-05-17 00:36:09 info Rejected an IKE packet on ethernet0/2 from 219.134.110.97:4500 to 121.xx.xxx.66:4500 with cookies 6e39df68fdb554cf and 59f2a922a4b85cd3 because the VPN does not have an application SA configured.
2008-05-17 00:36:09 info IKE<219.134.110.97> Phase 2: No policy exists for the proxy ID received: local ID (<10.6.0.0>/<255.255.255.0>, <0>, <0>) remote ID (<11.6.0.1>/<255.255.255.255>, <0>, <0>).
2008-05-17 00:36:09 info IKE<219.134.110.97> Phase 2 msg ID <6efd7e3a>: Responded to the peer's first message.
2008-05-17 00:35:53 info IKE<219.134.110.97> Phase 2 msg ID <6efd7e3a>: Negotiations have failed.
2008-05-17 00:35:53 info Rejected an IKE packet on ethernet0/2 from 219.134.110.97:4500 to 121.xx.xxx.66:4500 with cookies 6e39df68fdb554cf and 59f2a922a4b85cd3 because the VPN does not have an application SA configured.
2008-05-17 00:35:53 info IKE<219.134.110.97> Phase 2: No policy exists for the proxy ID received: local ID (<10.6.0.0>/<255.255.255.0>, <0>, <0>) remote ID (<11.6.0.1>/<255.255.255.255>, <0>, <0>).
2008-05-17 00:35:53 info IKE<219.134.110.97> Phase 2 msg ID <6efd7e3a>: Responded to the peer's first message.
2008-05-17 00:35:53 info IKE<219.134.110.97>: XAuth login was passed for gateway <swpc_gatway>, username <swpc>, retry: 0, Client IP Addr<11.6.0.1>, IPPool name:<swpc_pool>, Session-Timeout:<0s>, Idle-Timeout:<0s>.
2008-05-17 00:35:43 info IKE<219.134.110.97>: Received initial contact notification and removed Phase 1 SAs.
2008-05-17 00:35:43 info IKE<219.134.110.97> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime.

请问一下这是怎么解决？谢谢！

No policy exists