Not applicable

no_proposal_chosen?

fg60wifi and fg400, both on their version of 3.0 mr1. fg400 is 3.0 build 247 dated 04/17/06, fg60wf on 3.0 build 8074 dated 04/18/06. both p1 are set to main/preshared/3des+sha1 and 3des+md5, everything else default. anyway, i can't even get the vpn past phase1... i've checked and rechecked the settings, as well as recreated p1/p2/policies, with/without quickselector (although this is moot as it doesn't even make it past phase1). also did a search and can't find any other similar issues...

the log from the fg400:

3 2006-08-24 12:26:32 error negotiate Received error notification from peer: NO_PROPOSAL_CHOSEN
4 2006-08-24 12:26:26 error negotiate Received error notification from peer: NO_PROPOSAL_CHOSEN
5 2006-08-24 12:26:26 notice negotiate Initiator: sent 24.234.118.188 main mode message #1 (OK)

and the log from the fg60wifi:

22 2006-08-24 13:24:29 notice delete_phase1_sa Deleted an Isakmp SA on the tunnel to 204.14.39.186:500
23 2006-08-24 13:24:29 notice negotiate Responder: parsed 204.14.39.186 main mode message #1 (ERROR)
24 2006-08-24 13:24:29 error negotiate Negotiate SA Error: Peer's SA proposal does not match local policy.
25 2006-08-24 13:24:23 notice negotiate Initiator: sent 204.14.36.186 main mode message #1 (OK)

(*note: time's a bit off, forgot to check daylight savings time)

anyway, any help would be appreciated.
Not applicable

I'll bite on this quickly. I am not an expert. You need to check your phase 1 parameters. It's not even getting to Phase 2. The SA in the FGT 60 suggests that it might be a disagreement in the source and destination networks.
red_adair
New Contributor III

you may want to try:

#diag debug ena
#diag debug application ike 3

this will tell you what proposal doesn't match. Used peer IDs not matching? -R.
Not applicable

i've checked both phase settings, and both match up exactly. question on the debug though. with the debug enabled, where's the output? just dumps to memory logging? or am i supposed to point something somewhere... thanks for the help in advance... i'm far from being an "expert" on these boxes, especially since they keep changing things every revision...
red_adair
New Contributor III

you should enter these commands through CLI (i prefer SSH) and that's where you should see the output. -R.
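
What a responder does with the proposals in main mode message #1, as an added example that is not part of the thread and not Fortinet's code: an offered transform is accepted only if encryption, hash, authentication method and DH group all match a local one. The `Transform` type, the function names and the sample policies (including the DH group values, which the thread does not state) are constructed for illustration.

```python
from typing import List, NamedTuple, Optional

class Transform(NamedTuple):
    enc: str        # encryption algorithm
    hash_alg: str   # hash algorithm
    auth: str       # authentication method
    dh_group: int   # Diffie-Hellman group number

def select_proposal(offered: List[Transform],
                    local: List[Transform]) -> Optional[Transform]:
    """Responder side: accept the first offered transform that matches a
    local one on every attribute. None models NO_PROPOSAL_CHOSEN."""
    for t in offered:
        if t in local:
            return t
    return None

def explain_mismatch(offered, local):
    """Per offered transform, name the attributes that differ from the
    closest local transform (the one with the fewest differing fields)."""
    report = []
    for t in offered:
        diffs = min(
            ([f for f in Transform._fields if getattr(t, f) != getattr(l, f)]
             for l in local),
            key=len,
            default=list(Transform._fields),
        )
        report.append((t, diffs))
    return report

# Constructed sample policies (hypothetical values, not from either unit):
# encryption and hash agree on both sides, only the DH group differs.
INITIATOR = [Transform("3des", "sha1", "psk", 5), Transform("3des", "md5", "psk", 5)]
RESPONDER = [Transform("3des", "sha1", "psk", 2), Transform("3des", "md5", "psk", 2)]

if __name__ == "__main__":
    chosen = select_proposal(INITIATOR, RESPONDER)
    print("chosen:", chosen or "NO_PROPOSAL_CHOSEN")
    for t, diffs in explain_mismatch(INITIATOR, RESPONDER):
        print(t, "differs in", diffs)
```
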