Issue Description

NGAF and Mikrotik build IPSec VPN unsuccesful. In NGAF system log show warning received too many payload as figure shown below.

Error/Warning Logs:

Noted: Mikrotik in aggressive mode.

Handling Process

1. Check the phase 1 and phase 2 configuration on both side are same.
2. Perform packet capture and found out Mikrotik request to NGAF first.
3. Analyse the packet capture found out the receive many payload.
   
4. In dlan version 6.2.0 and above, there is limitation in payload number.

Root Cause

New dlan version has limit the number of payload during phase 1 negotiation.

Solution

Get patch form Sangfor Support to increase the limit.