We upgraded our firmware for our 60D to v5.4.3 build 1111.
Ever since, our IPsec VPN will no longer connect.
In the VPN events log we get
Action negotiateStatus negotiate_errorReason peer SA proposal not match local policy
We have matched the SA 100%. We have destroyed and re-created the VPN from scratch. This error still persists.
Is there a bug in the firmware?
I can also confirm this. I see the problem is in split tunneling which is not working. Although I have defined a object I receive 0.0.0.0/0 through the ipsec tunnel interface and my connection breaks. Tested with 5.4.3 & 5.4.4
If anyone has opened a case with the support team it will be interesting to see how this is fixed..
Why IPSEC over SSL? Did you try a test SSL connection?
SSL is working. I believe IPsec is more secure. Google search about SSL vulnerabilities confirms this in my opinion.