Refer to the Exhibit.
— Exhibit —
Feb 8 10:39:40 Unable to find phase-1 policy as remote peer:2.2.2.2 is not recognized.
Feb 8 10:39:40 KMD_PM_P1_POLICY_LOOKUP_FAILURE. Policy lookup for Phase-1
[responder] failed for p1_local=ipv4(any:0,[0..3]=1.1.1.2) p1_remote=ipv4(any:0,[0..3]=2.2.2.2)
Feb 8 10:39:40 1.1.1.2:500 (Responder) <-> 2.2.2.2:500 { dbe1d0af – a4d6d829 f9ed3bba [-1] /
0x00000000 } IP; Error = No proposal chosen (14)
— Exhibit —
According to the log shown in the exhibit, you notice that the IPsec session is not establishing.
What are two reasons for this behavior? (Choose two.)
A.
mismatched preshared key
B.
mismatched proxy ID
C.
incorrect peer address
D.
mismatched peer ID
Explanation:
If the peer was not matched with the peer ID, the line “Unable to find phase-1 policy as remote
peer:192.168.1.60 is not recognized.” should be shown
Reference :http://kb.juniper.net/InfoCenter/index?page=content&id=KB10097&pmv=print
as long as CD is correct regarding this site : http://batdosi.blogspot.co.il/2014/01/troubleshoot-juniper-srx-vpn.html
i a little confused about answer B . bacause of upgrading issue in 11.2 version .
any one can help ?
0
0
proxy is for phase 2 and whouls say qm;error=nop roposal chosen
0
0
C,D, are correct.
Usually you can find in the log -pre-shared key mismatch- if it’s the case.
0
0
C,D as per below :
Point 7 in this URL :
http://www.juniper.net/techpubs/en_US/junos12.3/topics/example/policy-based-vpn-using-j-series-srx-series-device-configuring.html
7.Phase 1 failing to complete, example 2. In the following show command output, the local address is 1.1.1.2 and the remote peer is 2.2.2.2. The role is responder. The reason for failing may seem to indicate that no proposal was chosen. However, you also see peer:2.2.2.2 is not recognized. This message could be caused by an incorrect peer address, a mismatched peer ID type, or an incorrect peer ID, depending on whether this is a dynamic or static VPN. The peer address must be checked first before the phase 1 proposal is checked. To resolve this issue, confirm that the local peer has the correct peer IP address. Also confirm that the peer is configured with IKE ID type as the IP address.
0
0
This message could be caused by an incorrect peer address, a mismatched peer ID type, or an incorrect peer ID, depending on whether this is a dynamic or static VPN.
0
0
Passed JN0-633 exam recently!
65 multiple choice questions, a little difficult to pass.
Pay close attention to questions on AppQoS, Routing (OSPF, BGP) in VPN (group, auto and hub-and-spoke), AppSecure, troubleshoot of IPSec, etc.
I learned valid JN0-633 dumps here:
http://www.passleader.com/jn0-633.html (209Q VCE and PDF)
Recommend to you!
0
0
P.S.
You can download that 209Q dumps for free, here:
https://doc.co/Tek7cT
Good Luck!
0
0