What Are the Restrictions for Manual Configuration of Encryption and Authentication Keys?
The key of the local inbound SA must be the same as that of the peer outbound SA. So are the local outbound SA and peer inbound SA.
The key must be entered in the same way at both ends of an IPSec tunnel. If the key is input in character string form at one end and in hexadecimal form at the other end, the security tunnel cannot be set up.