The log shows "IPSec Proposal does not match (Phase 1 and Phase 2)"
12/20/2019 1,284 People found this article helpful 415,097 Views
Description
IKE Responder: IKE proposal does not match (Phase 1)
Check the SAs of both SonicWalls. This indicates a Phase 1 encryption/authentication mismatch.
IKE Responder: IPSec Proposal does not match (Phase 2)
The initiating SonicWall sent an IPSec proposal that does not match the responding SonicWall during Phase 2 negotiations. There should be an additional error message in the responder log specifying the proposal item that did not match.
Sometimes you will see this error when you have a site-to-site VPN in Aggressive mode. In this setup, it usually means the name of the VPN SA was not the same as the unique firewall identifier (UFI) of the device on the other side. Each side must be the same as the UFI of the device on the opposite end.
Related Articles
Categories
Was This Article Helpful?
YESNO