IPsec NO_PROPOSAL_CHOSEN error in IPsec Log

IPsec configurations are a frequent source of problems, and working out exactly what is wrong can be difficult and tedious. Many users view our IPsec configuration log (Apps > IPsec VPN > IPsec Log) but have difficulty parsing or understanding the output. More often than not, the most common output in the log during an issue is a continuous run of lines stating NO_PROPOSAL_CHOSEN. This is usually a simple fix, as it means that the Phase 1 and/or Phase 2 configuration settings do not match. Although it is recommended to leave the Phase 1 and Phase 2 configurations unchecked (the default) when creating tunnels, when this issue occurs it is important to enable them and set identical configurations on both sides of the tunnel, as this will resolve the issue.


NOTE: Below is an example log output of NO_PROPOSAL_CHOSEN

Jun 13 11:04:41 Altamira charon: 13[IKE] 66.84.194.64 is initiating an IKE_SA
Jun 13 11:04:41 Altamira charon: 13[IKE] 66.84.194.64 is initiating an IKE_SA
Jun 13 11:04:41 Altamira charon: 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Jun 13 11:04:41 Altamira charon: 13[NET] received packet: from 66.84.194.64[500] to 200.94.129.202[500] (376 bytes)
Jun 13 11:04:41 Altamira charon: 07[JOB] deleting half open IKE_SA after timeout
Jun 13 11:04:39 Altamira charon: 14[NET] sending packet: from 200.94.129.202[500] to 201.155.194.201[500] (40 bytes)
Jun 13 11:04:39 Altamira charon: 14[ENC] generating INFORMATIONAL_V1 request 2348143140 [ N(NO_PROP) ]
Jun 13 11:04:39 Altamira charon: 14[IKE] no IKE config found for 200.94.129.202...201.155.194.201, sending NO_PROPOSAL_CHOSEN
Jun 13 11:04:39 Altamira charon: 14[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V ]
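
To find which tunnel to compare settings on, the following helper (an added example, not part of the product or the original article) pulls every "sending NO_PROPOSAL_CHOSEN" line out of charon log text and groups the rejections by remote peer. The function and variable names are assumptions made for this example; the sample lines are copied from the excerpt above.

```python
import re
from collections import defaultdict

# Sample lines copied from the log excerpt in this article (newest first, as shown there).
SAMPLE_LOG = """\
Jun 13 11:04:41 Altamira charon: 13[IKE] 66.84.194.64 is initiating an IKE_SA
Jun 13 11:04:41 Altamira charon: 13[NET] received packet: from 66.84.194.64[500] to 200.94.129.202[500] (376 bytes)
Jun 13 11:04:39 Altamira charon: 14[NET] sending packet: from 200.94.129.202[500] to 201.155.194.201[500] (40 bytes)
Jun 13 11:04:39 Altamira charon: 14[ENC] generating INFORMATIONAL_V1 request 2348143140 [ N(NO_PROP) ]
Jun 13 11:04:39 Altamira charon: 14[IKE] no IKE config found for 200.94.129.202...201.155.194.201, sending NO_PROPOSAL_CHOSEN
Jun 13 11:04:39 Altamira charon: 14[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V ]
"""

# Line layout seen above: "<Mon DD HH:MM:SS> <host> charon: <thread>[<subsystem>] <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\scharon:\s"
    r"(?P<thread>\d+)\[(?P<sub>\w+)\]\s(?P<msg>.*)$"
)
# Rejection message: "<reason> for <local>...<remote>, sending NO_PROPOSAL_CHOSEN"
REJECT_RE = re.compile(
    r"^(?P<reason>.+?) for (?P<local>\S+?)\.\.\.(?P<remote>\S+), "
    r"sending NO_PROPOSAL_CHOSEN$"
)

def summarize_no_proposal(log_text):
    """Group NO_PROPOSAL_CHOSEN rejections by the remote peer's address."""
    peers = defaultdict(lambda: {"local": None, "count": 0, "reasons": set(), "timestamps": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["sub"] != "IKE":
            continue  # not a charon IKE line
        r = REJECT_RE.match(m["msg"])
        if not r:
            continue  # IKE line, but not a rejection sent by this side
        entry = peers[r["remote"]]
        entry["local"] = r["local"]
        entry["count"] += 1
        entry["reasons"].add(r["reason"])
        entry["timestamps"].append(m["ts"])
    return dict(peers)

if __name__ == "__main__":
    for remote, info in summarize_no_proposal(SAMPLE_LOG).items():
        print(f"{remote} -> {info['local']}: {info['count']} rejection(s) "
              f"at {info['timestamps']}, reason(s): {sorted(info['reasons'])}")
```

Run against the excerpt, it reports a single rejected peer, 201.155.194.201, which identifies the tunnel whose Phase 1 and Phase 2 settings need to be compared on both sides.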
