what is the cause of this problem?

Click the Exhibit button. You have recently configured an IPsec VPN between an SRX
Series device and another non-Junos security device. The phase one tunnel is up but the
phase two tunnel is not present. Referring to the exhibit, what is the cause of this problem?

Click the Exhibit button. You have recently configured an IPsec VPN between an SRX
Series device and another non-Junos security device. The phase one tunnel is up but the
phase two tunnel is not present. Referring to the exhibit, what is the cause of this problem?

A.
preshared key mismatch

B.
mode mismatch

C.
proposal mismatch

D.
proxy-ID mismatch

Show Hint

Leave a Reply 3

Your email address will not be published. Required fields are marked *

Fe

Fe

12.1X46

you are right – option D

Sep 7 09:33:07 kmd[1393]: KMD_VPN_TS_MISMATCH: Traffic-selector mismatch, vpn name: vpn1, Peer Proposed traffic-selector local-ip: ipv4(192.168.5.0-192.168.5.255), Peer Proposed traffic-selector remote-ip: ipv4(192.168.3.0-192.168.3.255)
Sep 7 09:33:07 kmd[1393]: IKE negotiation failed with error: TS unacceptable. IKE Version: 1, VPN: test_vpn Gateway: ike-gw, Local: 10.10.10.1/500, Remote: 10.10.10.2/500, Local IKE-ID: 10.10.10.1, Remote IKE-ID: 10.10.10.2, VR-ID: 0

Action:

The proxy-id must be an exact “reverse” match of the peer’s configured proxy-id; see KB10124 – How to fix the Phase 2 error: Failed to match the peer proxy IDs.

Reply

SW

SW

TS or Traffic Selector = Proxy-ID

Answer is D

Reply