GRE+IPsec transport mode with Cisco router

ps0

Hello everyone,
I am trying to establish tunnel between pfsense 2.6.0 and Cisco router. Using GRE+IPsec ikev2 in transport mode . Phase1 is OK, connection established but phase2 unable to connect. In log there are messages

15[IKE] <con2|352> establishing CHILD_SA con2{25048}
15[ENC] <con2|352> generating CREATE_CHILD_SA request 406 [ N(USE_TRANSP) N(ESP_TFC_PAD_N) SA No TSi TSr ]
15[NET] <con2|352> sending packet: from x.x.x.x[500] to y.y.y.y[500] (224 bytes)
16[NET] <con2|352> received packet: from y.y.y.y[500] to x.x.x.x[500] (80 bytes)
16[ENC] <con2|352> parsed CREATE_CHILD_SA response 406 [ N(TS_UNACCEPT) ]
16[IKE] <con2|352> received TS_UNACCEPTABLE notify, no CHILD_SA built
16[IKE] <con2|352> failed to establish CHILD_SA, keeping IKE_SA
16[CHD] <con2|352> CHILD_SA con2{25048} state change: CREATED => DESTROYING

As far as I understand this means that traffic selector does not match. But in transport mode no traffic selectors can be specified.
What need to be fixed?
Thanks in advance.

jimp

You might need to check the logs on the Cisco and see exactly what it's rejecting. All pfSense can see is that Cisco didn't like it, not why.

ps0

Unfortunately I don't have access to Cisco.