The log shows "Received Notify: No Proposal Chosen"

Description

The log message "Received notify: No_Proposal_Chosen" indicates there is a mismatch of proposals during phase 1 or phase 2 negotiation between a site-to-site VPN.

Logs on Initiator
Image

Resolution

The logs on the Responder SonicWall will clearly display the exact problem, ensure that the Proposals are identical on both the VPN policies.

Logs on Responder
Image

Image

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

 

  1. Log into the SonicWall GUI.
  2. Click Network in the top navigation menu.
  3. Go to IPsec VPN | Rules and Settings and click the configure icon on to the appropriate VPN SA name.
  4. On the Proposals tab, make sure the IKE (Phase 1) proposal and IPSec (Phase 2) proposal is identical to the remote firewall.
    NOTE: Make also sure the Perfect Forward Secrecy settings match on the local and remote firewall.

    Image
    NOTE: In a Manual key configuration, the incoming SPI for the main site is the outgoing SPI for the remote site and vice versa.

 

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

 

  1. Log into the SonicWall GUI.
  2. Click Manage in the top navigation menu.
  3. Go to VPN | Base Settings and click the configure icon next to the appropriate VPN SA name.
  4. On the Proposals tab, make sure the IKE (Phase 1) proposal and IPSec (Phase 2) proposal is identical to the remote firewall.

    NOTE: Make also sure the Perfect Forward Secrecy settings match on the local and remote firewall.
    Image
    NOTE: In a Manual key configuration, the incoming SPI for the main site is the outgoing SPI for the remote site and vice versa.

Issue ID

SW3902

Related Articles

  • Remediation Playbook
    Read More
  • How To change the SSO PSK
    Read More
  • How do I SSH into a SonicWall NSv Azure using SSH key pair?
    Read More
not finding your answers?
was this article helpful?