PrepAway - Latest Free Exam Questions & Answers

One Comment on “What is a possible reason for the IPSEC tunnel not establishing?”

  1. Snoopy says:

    Proxy Identities Not Supported
    This message appears in debugs if the access list for IPsec traffic does not match.
    1d00h: IPSec(validate_transform_proposal): proxy identities not supported
    1d00h: ISAKMP: IPSec policy invalidated proposal
    1d00h: ISAKMP (0:2): SA not acceptable!
    The access lists on each peer need to mirror each other (all entries need to be reversible). This
    example illustrates this point.
    Peer A
    access-list 150 permit ip 172.21.113.0 0.0.0.255 172.21.114.0 0.0.0.255
    access-list 150 permit ip host 15.15.15.1 host 172.21.114.123
    Peer B
    access-list 150 permit ip 172.21.114.0 0.0.0.255 172.21.113.0 0.0.0.255
    access-list 150 permit ip host 172.21.114.123 host 15.15.15.1
    Reference. http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ikeprotocols/5409-ipsec-debug-00.html#proxy




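A mirror check for the crypto access lists quoted in the comment above, as an added example that is not part of the comment or of the Cisco document it cites. It assumes only `access-list N permit ip ...` entries with contiguous wildcard masks; the function names and `PEER_B_BROKEN` (a constructed mismatch) are illustrative.

```python
import ipaddress

def _take_addr(tokens):
    """Consume one IOS address spec (any | host A | A WILDCARD) as an IPv4Network."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # IOS wildcard masks are inverted netmasks; flip the bits before parsing.
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    netmask = ipaddress.IPv4Address(0xFFFFFFFF ^ wildcard)
    # Non-contiguous wildcards raise ValueError here (assumed out of scope).
    return ipaddress.ip_network(f"{head}/{netmask}", strict=False)

def parse_acl(text):
    """Return the set of (source, destination) networks in an ACL."""
    entries = set()
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"] or tokens[2:4] != ["permit", "ip"]:
            raise ValueError(f"unsupported entry: {line!r}")
        rest = tokens[4:]
        entries.add((_take_addr(rest), _take_addr(rest)))
    return entries

def unmirrored(acl_a, acl_b):
    """Entries on each peer that have no reversed counterpart on the other."""
    a, b = parse_acl(acl_a), parse_acl(acl_b)
    mirror_of_a = {(dst, src) for src, dst in a}
    mirror_of_b = {(dst, src) for src, dst in b}
    return sorted(a - mirror_of_b), sorted(b - mirror_of_a)

# Peer A and Peer B lists as quoted in the comment above.
PEER_A = """access-list 150 permit ip 172.21.113.0 0.0.0.255 172.21.114.0 0.0.0.255
access-list 150 permit ip host 15.15.15.1 host 172.21.114.123"""
PEER_B = """access-list 150 permit ip 172.21.114.0 0.0.0.255 172.21.113.0 0.0.0.255
access-list 150 permit ip host 172.21.114.123 host 15.15.15.1"""
# Constructed mismatch: Peer B uses the /24 where Peer A uses a host entry.
PEER_B_BROKEN = """access-list 150 permit ip 172.21.114.0 0.0.0.255 172.21.113.0 0.0.0.255
access-list 150 permit ip 172.21.114.0 0.0.0.255 host 15.15.15.1"""

if __name__ == "__main__":
    for name, peer_b in (("as posted", PEER_B), ("broken", PEER_B_BROKEN)):
        only_a, only_b = unmirrored(PEER_A, peer_b)
        print(name, "-> mirrored" if not (only_a or only_b) else "-> MISMATCH")
        for src, dst in only_a:
            print(f"  Peer A only: {src} -> {dst}")
        for src, dst in only_b:
            print(f"  Peer B only: {src} -> {dst}")
```

Any entry the check reports is a candidate for the `proxy identities not supported` debug message, since that pair of proxy identities has no match on the other peer.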
