IKE negotiation failed because no IKE proposals or IKE keychains are specified correctly

Symptom

The IKE SA is in Unknown state.

<Sysname> display ike sa
    Connection-ID   Remote                Flag         DOI
------------------------------------------------------------------
    1               192.168.222.5         Unknown      IPSEC
Flags:
RD--READY RL--REPLACED FD-FADING

The following IKE event debugging or packet debugging message appeared:
IKE event debugging message:
```
Notification PAYLOAD_MALFORMED is received.
```
IKE packet debugging message:
```
Construct notification packet: PAYLOAD_MALFORMED.
```

Analysis

If the following debugging information appeared, the matched IKE profile is not using the matched IKE proposal:
```
Failed to find proposal 1 in profile profile1.
```
If the following debugging information appeared, the matched IKE profile is not using the matched IKE keychain:
```
Failed to find keychain keychain1 in profile profile1. 
```

Solution

Verify that the matched IKE proposal (IKE proposal 1 in this debugging message example) is specified for the IKE profile (IKE profile 1 in the example).
Verify that the matched IKE keychain (IKE keychain 1 in this debugging message example) is specified for the IKE profile (IKE profile 1 in the example).

prev	up	next
IKE negotiation failed because no matching IKE proposals were found	home	IPsec SA negotiation failed because no matching IPsec transform sets were found