An administrator receives the following error message:
"IKE phase-2 negotiation failed when processing Proxy ID. Received local id 192. 168.33.33/24 type IPv4 address protocol 0 port 0, received remote id
172.16.33.33/24 type IPv4 address protocol 0 port 0."
How should the administrator identify the root cause of this error message?

A. Verify that the IP addresses can be pinged and that routing issues are not causing the connection failure.

B. Check whether the VPN peer on one end is set up correctly using policy-based VPN.

C. In the IKE Gateway configuration, verify that the IP address for each VPN peer is accurate.

D. In the IPSec Crypto profile configuration, verify that PFS is either enabled on both VPN peers or disabled on both VPN peers.








 

Suggested Answer: B

Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/vpns/set-up-site-to-site-vpn/interpret-vpn-error-messages.html

This question is in PCNSE Palo Alto Networks Certified Network Security Engineer Exam
For getting Palo Alto Networks Certified Network Security Engineer (PCNSE) Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Palo Alto Networks.
Trademarks, certification & product names are used for reference only and belong to Palo Alto Networks.
The website does not contain actual questions and answers from Palo Alto Networks's Certification Exams.