Refer to the Exhibit.
— Exhibit —
Feb 8 10:39:40 Unable to find phase-1 policy as remote peer:2.2.2.2 is not recognized.
Feb 8 10:39:40 KMD_PM_P1_POLICY_LOOKUP_FAILURE. Policy lookup for Phase-1
[responder] failed for p1_local=ipv4(any:0,[0..3]=1.1.1.2) p1_remote=ipv4(any:0,[0..3]=2.2.2.2)
Feb 8 10:39:40 1.1.1.2:500 (Responder) <-> 2.2.2.2:500 { dbe1d0af – a4d6d829 f9ed3bba [-1] /
0x00000000 } IP; Error = No proposal chosen (14)
— Exhibit —
According to the log shown in the exhibit, you notice that the IPsec session is not establishing.
What are two reasons for this behavior? (Choose two.)
A. mismatched preshared key
B. mismatched proxy ID
C. incorrect peer address
D. mismatched peer ID
Explanation:
If the peer does not match the peer ID, the line “Unable to find phase-1 policy as remote peer:192.168.1.60 is not recognized.” should be shown.
Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB10097&pmv=print
As long as CD is correct regarding this site: http://batdosi.blogspot.co.il/2014/01/troubleshoot-juniper-srx-vpn.html
I am a little confused about answer B because of the upgrading issue in version 11.2.
Can anyone help?
Proxy is for phase 2 and would say qm;error=no proposal chosen
C, D are correct.
Usually you can find in the log -pre-shared key mismatch- if it’s the case.
C, D as per below:
Point 7 in this URL:
http://www.juniper.net/techpubs/en_US/junos12.3/topics/example/policy-based-vpn-using-j-series-srx-series-device-configuring.html
7. Phase 1 failing to complete, example 2. In the following show command output, the local address is 1.1.1.2 and the remote peer is 2.2.2.2. The role is responder. The reason for failing may seem to indicate that no proposal was chosen. However, you also see peer:2.2.2.2 is not recognized. This message could be caused by an incorrect peer address, a mismatched peer ID type, or an incorrect peer ID, depending on whether this is a dynamic or static VPN. The peer address must be checked first before the phase 1 proposal is checked. To resolve this issue, confirm that the local peer has the correct peer IP address. Also confirm that the peer is configured with IKE ID type as the IP address.
This message could be caused by an incorrect peer address, a mismatched peer ID type, or an incorrect peer ID, depending on whether this is a dynamic or static VPN.
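The check order described in the quoted Juniper text, applied to the exhibit as an added example (not code from the page or from Juniper). The function names, the constructed 3.3.3.3 line, and treating a proposal error with no peer-lookup failure as a proposal mismatch are assumptions.

```python
import re

# Exhibit log from the page, wrapped lines included.
EXHIBIT = """\
Feb 8 10:39:40 Unable to find phase-1 policy as remote peer:2.2.2.2 is not recognized.
Feb 8 10:39:40 KMD_PM_P1_POLICY_LOOKUP_FAILURE. Policy lookup for Phase-1
[responder] failed for p1_local=ipv4(any:0,[0..3]=1.1.1.2) p1_remote=ipv4(any:0,[0..3]=2.2.2.2)
Feb 8 10:39:40 1.1.1.2:500 (Responder) <-> 2.2.2.2:500 { dbe1d0af – a4d6d829 f9ed3bba [-1] /
0x00000000 } IP; Error = No proposal chosen (14)
"""
# Constructed sample: proposal error with no peer-lookup failure for 3.3.3.3.
CONSTRUCTED = "Feb 8 11:02:13 1.1.1.2:500 (Responder) <-> 3.3.3.3:500 { 00000000 - 00000000 [-1] / 0x00000000 } IP; Error = No proposal chosen (14)\n"

TS = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
UNKNOWN_PEER = re.compile(r"remote peer:(\S+) is not recognized")
LOOKUP_FAIL = re.compile(r"KMD_PM_P1_POLICY_LOOKUP_FAILURE.*p1_remote=ipv4\([^)]*=([\d.]+)\)")
NO_PROPOSAL = re.compile(r"<-> ([\d.]+):\d+ .*Error = No proposal chosen \(14\)")

def join_wrapped(text):
    """Re-attach continuation lines (no leading timestamp) to the previous record."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Map each remote peer address to the first item to check."""
    unknown, proposal = set(), set()
    for rec in join_wrapped(text):
        for rx in (UNKNOWN_PEER, LOOKUP_FAIL):
            m = rx.search(rec)
            if m:
                unknown.add(m.group(1))
        m = NO_PROPOSAL.search(rec)
        if m:
            proposal.add(m.group(1))
    result = {}
    for peer in sorted(unknown | proposal):
        # Peer lookup comes before proposal matching, so it is checked first.
        result[peer] = ("check peer address and IKE ID" if peer in unknown
                        else "check phase 1 proposal")
    return result

if __name__ == "__main__":
    for peer, action in triage(EXHIBIT + CONSTRUCTED).items():
        print(peer, "->", action)
```

For 2.2.2.2 the "No proposal chosen (14)" line is reported only as a consequence of the failed peer lookup, which is why the proposal is not the first thing flagged.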
Passed JN0-633 exam recently!
65 multiple choice questions, a little difficult to pass.
Pay close attention to questions on AppQoS, Routing (OSPF, BGP) in VPN (group, auto and hub-and-spoke), AppSecure, troubleshoot of IPSec, etc.