The Cisco device sends back NO_PROPOSAL_CHOSEN if it does not find any policy matching the proposal. Otherwise, the Cisco device sends the set of parameters chosen. NSX Edge to Cisco. To facilitate debugging, you can enable IPSec logging on the NSX Edge and enable crypto debug on the Cisco device (debug crypto isakmp).

Jul 1 12:22:47 fwba01 kmd[2550]: KMD_VPN_PV_PHASE1: IKE Phase-1 Failure: No proposal chosen [spi=(null), src_ip=80.94.48.251, dst_ip=81.161.60.203]
Jul 1 12:22:47 fwba01 kmd[2550]: IKE negotiation failed with error: No proposal chosen.

If there are any other IPSec VPN clients running on the computer, quit them all and restart the Zyxel IPSec VPN Client. Contact tech support @ 800-255-4101 option 5. Available Monday-Friday from 8AM-5PM PT. Submit a support request form here.

No proposal chosen Phase 1 Algorithms mismatch

3. msg: notification NO-PROPOSAL-CHOSEN received in informational exchange (repeats 5 times)

Cycle repeats for 5-20 minutes, then tunnel establishes p2 again just fine. I've confirmed that both phase 1 and phase 2 match on each end. Coworkers looked too! But we're still getting this behavior. Current settings: p1: 3DES/SHA1/DH2/Lifetime 28800

The remote address of the VPN is not listed in the output of the show security ike security-associations command. Solution: The VPN messages described in this article are shown in the syslog files.

You can troubleshoot IPSec VPN tunnel connectivity issues by running IPSec configuration commands from the NSX Edge CLI. You can also use the vSphere Web Client and the NSX Data Center for vSphere REST APIs to determine the causes of tunnel failure and view the tunnel failure messages.

No SA proposal chosen means that the security association doesn't match on both sides. Maybe a keylife time in one side is 86400 and in the other side is 86400. You should post IKE phase 1 and phase 2 from each FortiGate.

receiving <<< isakmp oak info *(hash, notify:no_proposal_chosen) from x.x.x.x
1344 21:17:30.812 09/22/08 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to x.x.x.x

Common Errors

The following examples have logs edited for brevity but significant messages remain. Logging for IPsec is configured at VPN > IPsec, Advanced Settings tab. The most useful logging settings for diagnosing tunnel issues with strongSwan on pfSense® software version 2.2.x

Jul 06, 2010 · debugging NO_PROPOSAL_CHOSEN

Hello - I am not new to VPNs at all but this is something I really need to know because a lot of the time I am dealing with ESL people and there are enough barriers at play already.

02/28/06 14:36 iked[129]: Received NO_PROPOSAL_CHOSEN message, mess_id=0xE80A9A98

For my VPN configuration via my firewall, I have the local network setup as 199
