The log shows "Received Notify: No Proposal Chosen"

The log message "Received notify: No_Proposal_Chosen" indicates there is a mismatch of proposals during phase 1 or phase 2 negotiation between a site-to-site VPN.

Logs on Initiator

The logs on the Responder SonicWall will clearly display the exact problem, ensure that the Proposals are identical on both the VPN policies.

Logs on Responder

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

1. Log into the SonicWall GUI.
2. Click Network in the top navigation menu.
3. Go to IPsec VPN | Rules and Settings and click the configure icon on to the appropriate VPN SA name.
4. On the Proposals tab, make sure the IKE (Phase 1) proposal and IPSec (Phase 2) proposal is identical to the remote firewall.
   NOTE: Make also sure the Perfect Forward Secrecy settings match on the local and remote firewall.
   
   
   NOTE: In a Manual key configuration, the incoming SPI for the main site is the outgoing SPI for the remote site and vice versa.
   

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

1. Log into the SonicWall GUI.
2. Click Manage in the top navigation menu.
3. Go to VPN | Base Settings and click the configure icon next to the appropriate VPN SA name.
4. On the Proposals tab, make sure the IKE (Phase 1) proposal and IPSec (Phase 2) proposal is identical to the remote firewall.
   

   NOTE: Make also sure the Perfect Forward Secrecy settings match on the local and remote firewall.
   
   NOTE: In a Manual key configuration, the incoming SPI for the main site is the outgoing SPI for the remote site and vice versa.

SW3902