Functioning IPsec VPN, EST-P1 error on both sides

I have a functioning VPN between a XG210 and a XG85, yet both sides are spitting out the following error:


EST-P1: System did not accept any proposal received. Need to reconfigure the connection on either of the ends. 


Can someone explain to me what steps I should take to resolve this?

  • Hi  

    Thank you for contacting us.

    What is the status of VPN tunnel, active or Inactive?

    Please make sure that Policy should be the same for SPI at both ends, preshared key, passphrase should be the same.

    The error suggests that there is a mismatch in policy configuration.

    Please use the given article and verify the configuration -

  • In reply to Keyur:

    Thanks, Keyur.


    The site-to-site connection is active and connected. Earlier, I inactivated it and reactivated it and the VPN connected up with no problem, but I still got this error.


    In looking at the configuration of both, they seem to be identical (Aside from each having distinct endpoints and network details). The remote site is setup as the initiator and our home site is set to respond only. 

  • In reply to Jeremy Hunt:


    If the communication working flawless, I suspect that it may be because we have select multiple SPI while configuration and maybe one of them may be mismatching while negotiation. It would be great if you could provide more logs, It might be possible it is from different IPsec VPN tunnel which is configured and active but not used.