Jun 5 12:48:18 Non-Meraki / Client VPN negotiation msg: notification NO-PROPOSAL-CHOSEN received in informational exchange.
Jun 5 12:48:18 Non-Meraki / Client VPN negotiation msg: initiate new phase 2 negotiation: 61.xxx
Jun 5 12:48:16 xxx 802.11 disassociation unknown reason
Jun 5 12:48:16 Non-Meraki / Client VPN negotiation msg: failed to pre-process ph2 packet (side: 1, status: 1).
Jun 5 12:48:16 Non-Meraki / Client VPN negotiation msg: no proposal chosen.
Jun 5 12:48:16 Non-Meraki / Client VPN negotiation msg: no suitable policy found.
Jun 5 12:48:16 Non-Meraki / Client VPN negotiation msg: not matched
It means phase 2 failed on the remote peer and they sent the notification message no proposal chosen. These settings are related to phase 2 and are:
transform set including encryption and hash
the proxies used for encryption which is the acl
the mode of the encapsulation [tunnel/transport/udp/nat-t]
What happens when you rekey is that it can be initiated from either of the two sides, which is why it works sometimes and not other times. Look closely at the settings on both sides and at the debugs on the Juniper side to see why they are rejecting phase 2 proposals from Meraki.
As for your concern about the lifetime: phase 1 is like a protection suite for phase 2. It makes sense to keep the lifetime for that tunnel longer than the data tunnel, so under the same phase security association you can rekey multiple phase 2 associations.
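
The side-by-side comparison the reply recommends, as an added example that is not part of the original post: it checks the three phase 2 items listed above plus the lifetime ordering. The dictionary field names and all sample values are constructed for illustration, and exact proxy-ID matching is an assumption about how strictly the peers compare selectors.

```python
from ipaddress import ip_network

# Constructed sample settings (assumed field names and values, not from the post).
MERAKI = {"encryption": "aes256", "hash": "sha1", "mode": "tunnel",
          "local": ["10.0.0.0/24"], "remote": ["192.168.10.0/24"],
          "p1_life": 28800, "p2_life": 3600}
JUNIPER = {"encryption": "aes256", "hash": "sha1", "mode": "tunnel",
           "local": ["192.168.0.0/16"], "remote": ["10.0.0.0/24"],
           "p1_life": 28800, "p2_life": 3600}


def _nets(subnets):
    """Normalise subnet strings so 10.0.0.0/24 and 10.0.0.0/255.255.255.0 compare equal."""
    return {ip_network(s) for s in subnets}


def phase2_mismatches(a, b):
    """List the phase 2 differences between peers a and b that can draw no-proposal-chosen."""
    problems = []
    # 1. Transform set and 3. encapsulation mode must be identical on both sides.
    for key in ("encryption", "hash", "mode"):
        if a[key].lower() != b[key].lower():
            problems.append(f"{key}: {a[key]} vs {b[key]}")
    # 2. Proxy IDs (the crypto ACL) must mirror each other. Assumption: exact match
    # is required; a peer that tolerates a wider selector as responder will still
    # propose its own when it initiates the rekey, so the result depends on direction.
    if _nets(a["local"]) != _nets(b["remote"]):
        problems.append("proxy: A local != B remote")
    if _nets(a["remote"]) != _nets(b["local"]):
        problems.append("proxy: A remote != B local")
    # Phase 1 should outlive phase 2 so several phase 2 rekeys happen under one phase 1 SA.
    for name, peer in (("A", a), ("B", b)):
        if peer["p1_life"] <= peer["p2_life"]:
            problems.append(f"lifetime: {name} phase 1 not longer than phase 2")
    return problems


if __name__ == "__main__":
    for line in phase2_mismatches(MERAKI, JUNIPER) or ["phase 2 settings agree"]:
        print(line)
```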