Click the Exhibit button. You have recently configured an IPsec VPN between an SRX
Series device and another non-Junos security device. The phase one tunnel is up but the
phase two tunnel is not present. Referring to the exhibit, what is the cause of this problem?
A.
preshared key mismatch
B.
mode mismatch
C.
proposal mismatch
D.
proxy-ID mismatch
answer is right , its D
recording to : https://kb.juniper.net/InfoCenter/index?page=content&id=KB30547&actp=search
0
0
12.1X46
you are right – option D
Sep 7 09:33:07 kmd[1393]: KMD_VPN_TS_MISMATCH: Traffic-selector mismatch, vpn name: vpn1, Peer Proposed traffic-selector local-ip: ipv4(192.168.5.0-192.168.5.255), Peer Proposed traffic-selector remote-ip: ipv4(192.168.3.0-192.168.3.255)
Sep 7 09:33:07 kmd[1393]: IKE negotiation failed with error: TS unacceptable. IKE Version: 1, VPN: test_vpn Gateway: ike-gw, Local: 10.10.10.1/500, Remote: 10.10.10.2/500, Local IKE-ID: 10.10.10.1, Remote IKE-ID: 10.10.10.2, VR-ID: 0
Action:
The proxy-id must be an exact “reverse” match of the peer’s configured proxy-id; see KB10124 – How to fix the Phase 2 error: Failed to match the peer proxy IDs.
0
0
TS or Traffic Selector = Proxy-ID
Answer is D
0
0