Warning : "Traffic Selectors Unacceptable".

This article describes the Log message "Traffic Selector Unacceptable" in a IPSEC VPN tunnel.

In a site-to-site VPN tunnel, if there is a mismatch in the networks defined for the VPN tunnel, it results in the "Traffic Selectors Unacceptable" warning message in the Logs.

Let us consider the following example :

A site-to-site VPN tunnel is created between SITE A and SITE B using MAIN MODE or AGGRESSIVE MODE or IKEv2 MODE .

LAN network on SITE A: 192.168.168.0/255.255.255.0

                                           172.16.10.0/255.255.255.0

LAN network on SITE B: 10.10.10.0/255.255.255.0

In order to avoid a mismatch, Under the VPN > Network, verify that :

• On SITE A :
  • LOCAL NETWORK - 192.168.168.0/255.255.255.0 (Zone - LAN) 
                                      172.16.10.0/255.255.255.0 (Zone - LAN)
    
    
  • REMOTE NETWORK - 10.10.10.0/255.255.255.0 (Zone - VPN)

• ON SITE B :
  • LOCAL NETWORK - 10.10.10.0/255.255.255.0 (Zone - LAN)
    
    
  • REMOTE NETWORK - 192.168.168.0/255.255.255.0 (Zone - VPN)
                                          172.16.10.0/255.255.255.0 (Zone - VPN)

So, LOCAL NETWORK of SITE A should match the REMOTE NETWORK of SITE B, and REMOTE NETWORK of SITE A should match the LOCAL NETWORK of SITE B in order to prevent the Traffic Selector Unacceptable warning in logs.

NOTE: The IP addresses shown here are for example purposes only. Replace them with the IP addresses of your network.