Netgear UTM25 – ProSECURE Unified Threat Management (UTM) Appliance User Manual
Troubleshoot the VPN Client
115
NETGEAR ProSAFE VPN Client
NO_PROPOSAL_CHOSEN error
This is a phase 2 error.
VPN console log:
Default sysdep_app_open: Init Connection for : Cnx-Cnx-P2 Cnx-remote-addr
Default sysdep_app_open: IPV4_SUBNET Network 192.168.1.1
Default sysdep_app_open: IPV4_SUBNET Netmask 255.255.255.0
Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
Default (SA Cnx-P1) RECV phase 1 Main Mode [SA][VID]
Default (SA Cnx-P1) SEND phase 1 Main Mode [KEY][NONCE]
Default (SA Cnx-P1) RECV phase 1 Main Mode [KEY][NONCE]
Default (SA Cnx-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
Default (SA Cnx-P1) RECV phase 1 Main Mode [ID][HASH][NOTIFY]
Default phase 1 done: initiator id c364cd70: 195.100.205.112, responder id c364cd72:
195.100.205.114, src: 195.100.205.112 dst: 195.100.205.114
195.100.205.114, src: 195.100.205.112 dst: 195.100.205.114
Default (SA Cnx-Cnx-P2) SEND phase 2 Quick Mode [SA][KEY][ID][HASH][NONCE]
Default RECV Informational [HASH][NOTIFY] with NO_PROPOSAL_CHOSEN error
Default RECV Informational [HASH][DEL]
Default Cnx-P1 deleted
Explanation. The phase 2 encryption algorithms might mismatch on the tunnel endpoints.
Resolution. Ensure that the phase 2 ESP encryption algorithms are the same on each side
of the VPN tunnel. For information about configuring encryption algorithms, see
of the VPN tunnel. For information about configuring encryption algorithms, see
37.
INVALID_ID_INFORMATION error
VPN console log:
Default sysdep_app_open: Init Connection for : Cnx-Cnx-P2 Cnx-remote-addr
Default sysdep_app_open: IPV4_SUBNET Network 192.168.3.1
Default sysdep_app_open: IPV4_SUBNET Netmask 255.255.255.0
Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
Default (SA Cnx-P1) RECV phase 1 Main Mode [SA][VID]
Default (SA Cnx-P1) SEND phase 1 Main Mode [KEY][NONCE]
Default (SA Cnx-P1) RECV phase 1 Main Mode [KEY][NONCE]
Default (SA Cnx-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
Default (SA Cnx-P1) RECV phase 1 Main Mode [ID][HASH][NOTIFY]
Default phase 1 done: initiator id c364cd70: 195.100.205.112, responder id c364cd72:
195.100.205.114, src: 195.100.205.112 dst: 195.100.205.114
195.100.205.114, src: 195.100.205.112 dst: 195.100.205.114
Default (SA Cnx-Cnx-P2) SEND phase 2 Quick Mode [SA][KEY][ID][HASH][NONCE]
Default RECV Informational [HASH][NOTIFY] with INVALID_ID_INFORMATION error
Default RECV Informational [HASH][DEL]
Default Cnx-P1 deleted
Explanation. The addresses might mismatch on the tunnel endpoints, or a security
association (SA) might no longer be alive.
association (SA) might no longer be alive.