IPsec NO_PROPOSAL_CHOSEN error in IPsec Log
IPsec configurations are often a point of frustration it can be very difficult and tedious to determine what exactly the issue is. Many users view our IPsec configuration log (Apps > IPsec VPN > IPsec Log), but have difficulty parsing through or understanding the output. One of the most common issues in the logs are continuous lines stating NO_PROPOSAL_CHOSEN. This is usually a simple fix, as it simply means that the Phase 1 and/or Phase 2 configuration settings are not matching at both ends of the tunnel. Though it is recommend to keep the Phase 1 and Phase 2 configurations unchecked (default) while creating tunnels, when this issue occurs, it is important to enable them and have identical matching configurations on both sides of the tunnel, as this will resolve the issue.
NOTE: Below is an example log output of NO_PROPOSAL_CHOSEN
Jun 13 11:04:41 Altamira charon: 13[IKE] 66.84.194.64 is initiating an IKE_SA
Jun 13 11:04:41 Altamira charon: 13[IKE] 66.84.194.64 is initiating an IKE_SA
Jun 13 11:04:41 Altamira charon: 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Jun 13 11:04:41 Altamira charon: 13[NET] received packet: from 66.84.194.64[500] to 200.94.129.202[500] (376 bytes)
Jun 13 11:04:41 Altamira charon: 07[JOB] deleting half open IKE_SA after timeout
Jun 13 11:04:39 Altamira charon: 14[NET] sending packet: from 200.94.129.202[500] to 201.155.194.201[500] (40 bytes)
Jun 13 11:04:39 Altamira charon: 14[ENC] generating INFORMATIONAL_V1 request 2348143140 [ N(NO_PROP) ]
Jun 13 11:04:39 Altamira charon: 14[IKE] no IKE config found for 200.94.129.202...201.155.194.201, sending NO_PROPOSAL_CHOSEN
Jun 13 11:04:39 Altamira charon: 14[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V ]
Comments
0 comments
Please sign in to leave a comment.