[j-nsp] Tunnel failing at "No propsal chosen" but works when target is another device
Tore Anderson
tore at fud.no
Tue Nov 26 04:24:25 EST 2013
* Mattias Gyllenvarg
> The issue is a IPsec tunnel that will not establish with one device as the
> HUB but works with a different device.
>
> Spoke is SRX210 cluster
>
> Hub is SRX240 cluster
>
> Replacement Hub is a stand-alone SRX210
>
> Junos is 12.1X44-D20.3 across the board.
I had a similar problem. With JUNOS 11.4 in both ends, it worked fine,
after upgrading to 12.1 the exact same config failed to establish
tunnels, giving the "no proposal chosen" error message.
The solution was to revert back to 11.4 on the hubs (which in my case
are passive and never initiate tunnel establishment). The spokes are
still 12.1, but that seems to work fine.
Tore
More information about the juniper-nsp
mailing list