What is a possible reason for the IPSEC tunnel not establishing?

Refer to the exhibit.

What is a possible reason for the IPSEC tunnel not establishing?

Refer to the exhibit.

What is a possible reason for the IPSEC tunnel not establishing?

A.
The peer is unreachable.

B.
The transform sets do not match.

C.
The proxy IDs are invalid.

D.
The access lists do not match.

Show Hint

Leave a Reply 1

Your email address will not be published. Required fields are marked *

Snoopy

Snoopy

Proxy Identities Not Supported
This message appears in debugs if the access list for IPsec traffic does not match.
1d00h: IPSec(validate_transform_proposal): proxy identities not supported
1d00h: ISAKMP: IPSec policy invalidated proposal
1d00h: ISAKMP (0:2): SA not acceptable!
The access lists on each peer needs to mirror each other (all entries need to be reversible). This
example illustrates this point.
Peer A
access-list 150 permit ip 172.21.113.0 0.0.0.255 172.21.114.0 0.0.0.255
access-list 150 permit ip host 15.15.15.1 host 172.21.114.123
Peer B
access-list 150 permit ip 172.21.114.0 0.0.0.255 172.21.113.0 0.0.0.255
access-list 150 permit ip host 172.21.114.123 host 15.15.15.1
Reference. http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ikeprotocols/
5409-ipsec-debug-00.html#proxy

Reply