Re: Site to Site VPN

Hi,

I ripped the text below the --- from the sofaware.com Knowledge Base. Their KB isn't the best...ok it's really quite bad, but it may help.

For our VPN communities that include edge devices, I just used the standard options. In the past w/this no proposal chosen error I've seen that it relates to VPN Properties / Advanced VPN properties of the objects + community. Since edge devices don't have these object settings, I'll give you my community ones:

IKE Phase 1: AES-256 / SHA1
IKE Phase 2: AES-128 / MD5

Advanced VPN Prop:
IKE Phase 1: Group 2 (1024 bit) Reneg 1440 minutes
IKE Phase 2: reneg 3600 secs

All other advanced vpn options are unselected. I'm not on the new firmware so I don't know if that's a problem or not.

---

No proposal chosen error message when creating site to site between Check Point VPN-1 module and Edge device

Answer

A VPN connection between Check Point VPN-1 and an Edge device may fail with error message 'No proposal chosen'. This can happen for the following reasons:

* The VPN-1 Edge gateway object is used in a traditional mode rulebase for the VPN (Encrypt) rule. In order to work around this, you can use the standard Check Point externally managed gateway object instead of the VPN-1 Edge object.
* IP Compression is enabled for the VPN tunnel on SmartDashboard. The VPN-1 Edge gateway does not support IP compression.