Check Point Certified Security Administrator (CCSA) R80 — Question 377

When attempting to start a VPN tunnel, in the logs the error 'no proposal chosen' is seen numerous times. No other VPN-related log entries are present. Which phase of the VPN negotiations has failed?

Answer options

• A. IKE Phase 1
• B. IPSEC Phase 2
• C. IPSEC Phase 1
• D. IKE Phase 2

Correct answer: A

Explanation

The error 'no proposal chosen' indicates that the negotiation for IKE Phase 1 has failed, typically due to mismatched configurations or proposals between the two VPN peers. The other phases, IPSEC Phase 1 and Phase 2, are not relevant here since the failure is specifically indicated during the initial IKE negotiation phase.