Overview
While trying to configure the IPSec VPN tunnel with another firewall, the following error is returned:
None of the proposed crypto suites was acceptable
The state of a tunnel appears as Connecting.
The error logs report a similar entry:
IPsec: Failed to establish connection with remote endpoint x.x.x.x: None of the proposed crypto suites was acceptable
This article provides information on how to resolve such an issue.
Solution
This error indicates that the crypto suites from the remote host did not match the acceptable suites in Kerio Control.
Make sure to configure the same ciphers on both sides: Kerio Control and the remote firewall.
- In Kerio Control Webadmin navigate to Interfaces > double-click on VPN tunnel to open the properties > click Change > verify the Default or configure Custom ciphers.
For more information, please refer to Establishing IPSec VPN tunnel with another firewall. - Make sure the ciphers are matching on the remote site as well. Please refer to your vendor's docs for detailed information.
Another reason for issues while establishing a tunnel between two Kerio Control Firewalls could be related to the IKE versions of the firewalls. It's possible that one of the firewalls is ikev1 and the other is ikev2. Updating the IKE versions so both firewalls are ikev2 will fix the issue. Please refer to article Enabling IKEv2 Support in Kerio Control for detailed steps.