cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
728
Views
2
Helpful
2
Replies

NO_PROPOSAL_CHOSEN Ipsec tunnel between ASA 9.1x and Palo Alto

tryingtofixit
Level 1
Level 1

using Ikev2, phase 1 comes up with no issues.

PA side is getting "NO_PROPOSAL_CHOSEN".

ASA side is getting "IKEv2 Negotiation aborted due to ERROR: Failed to find a matching policy".

All our phase1 and phase2 match.

yes, PRF is set, I have PRF set for Sha256.

Does the PA need to set a value for their PRF? I don't recall it does

Suggestions?

2 Replies 2

debug crypto ikev2 platform 127

 share this if you sure that phaseI is ok if not share alos below 

debug crypto ikev2 protocol 127

please do debug one by one not both in same time, to make us know this packet for which phase

MHM 

will do when I get some traffic initiated from the other side.  This is a pull from other side. 

Review Cisco Networking for a $25 gift card