Aug 14, 2012 · 1754 11/29/2001 16:20:18.500 Group = y.y.172.63, IP = y.y.172.63, Received non-routing Notify message: Invalid ID info (18)

The following indicates that the local gateway is not finding matching interesting traffic.

Apr 01 15:11:47 [IKEv1]: IP = 123.123.123.123, IKE_DECODE RECEIVED Message (msgid=5456d64e) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 56
Apr 01 15:11:47 [IKEv1]: Group = 123.123.123.123, IP = 123.123.123.123, Received an un-encrypted PAYLOAD_MALFORMED notify message, dropping
Apr 01 15:11:47 [IKEv1]: Group = 123.123.123.123

I am trying to set up a site-to-site VPN. I am getting "Received notify. NO_PROPOSAL_CHOSEN" in the Sonicwall logs and the VPN is not set up. It looks like phase 1 is OK, as I am getting "Info VPN IKE IKE Initiator: Start Quick Mode (Phase 2). SONIC_WALL_IP, 500 CISCO_IP, 500 VPN Policy: test" in the Sonicwall logs just before the NO_PROPOSAL_CHOSEN message.

Troubleshooting with the Event Log. Event logs can be displayed from Network-wide > Monitor > Event log. Select the All Non-Meraki / Client VPN event log type as the sole Event type include option and click on the search button.

The message "Received non-routine Notify message: Invalid ID info (18)" might indicate a misconfiguration; maybe the local and remote networks are not matched. What settings have you defined for Phase II on ISA and ASA? What are the local and remote networks on ISA and, respectively, on ASA? Can you post the Oakley.log from ISA? Regards!

Troubleshooting Guide: IKE IPSec VPN Initialization 02/2007

Introduction

This guide will present the basic information required to troubleshoot problems in establishing an IKE IPSec VPN Tunnel. The guide will first present the basic premise of IKE negotiation, protocol support, and noteworthy configuration details.

After setting up the VPN, during Phase II we get a "Received notify: INVALID_ID_INFO". From what I remember and have read, this is usually due to the networks tabs not lining up properly. For local network, I am choosing the X0 interface as my network, which is a 192.168.x.x /24 on both sides.

Payload ID 1

The following indicates that the remote gateway is not finding matching interesting traffic.
1754 11/29/2001 16:20:18.500 Group = y.y.172.63, IP = y.y.172.63, Received non-routing Notify message: Invalid ID info (18)

The following indicates that the local gateway is not finding matching interesting traffic.
1754 11/29/2001 16:20:18

The log shows "Received notify: INVALID_ID_INFO" on the initiator firewall. RESOLUTION: INVALID_ID_INFO can occur both in Phase 1 and in Phase 2 of building up a VPN tunnel.

Indicates there is a mismatch of proposals during phase 1 or phase 2 negotiation between a site-to-site VPN.

Received notify: INVALID_ID_INFO. IKE Phase 1 or Phase 2 Settings are mismatched between the SonicWall and the Remote Peer.

Received notify: ISAKMP_AUTH_FAILED.

Invalid ID info (18) is the easiest to identify. This message is stating that the Encryption Domains do not match on both sides of the VPN. If the ASA has received this message, this means all other settings are valid for Phase 2, just the Access-List for the VPN needs to be updated on either the ASA or Remote Peer.

Hi All, I had a number of IPSEC VTI VPN tunnels up and working prior to an IOS router upgrade. The device is a c3945 and was previously running: c3900e-universalk9-mz.SPA.154-3.M3.bin and upgraded to: c3900e-universalk9-mz.SPA.157-3.M4b.bin All except one IPSEC VPN Tunnel re-established after the u