cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

99
Views
0
Helpful
0
Replies
Highlighted
Beginner

IKEv2 error NO_PROPOSAL_CHOOSEN with Palo alto

Hi,

 

I am trying to set up a site to site VPN for one of our client with palo alto. However VPN phase 1 is not coming up and when I ran debug I am getting NO_PROPOSAL_CHOOSEN error even though both side are configured poperly

 

setup is like below

 

|| HQ site - CiscoASA10.1.1.1===> CiscoASA 200.1.1.1|| ===========================||Client palo alto (202.1.1.1)||

The IP addresses are exmple

  • Internal asa private IP address is NATed to public IP address of Internet ASA 
  • Palo alto is the client side device
  • Both sides are configured with same algorithms but I could not see any configuration session for prf in palo alto. is it possible to disable it in ASA? whether the palo alto is using a default prf?

 

someone, please help

 

 

Everyone's tags (1)