ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 180 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 180
Topic #: 1
[All PCNSE Questions]

An administrator receives the following error message:
"IKE phase-2 negotiation failed when processing Proxy ID. Received local id 192. 168.33.33/24 type IPv4 address protocol 0 port 0, received remote id
172.16.33.33/24 type IPv4 address protocol 0 port 0."
How should the administrator identify the root cause of this error message?

  • A. Verify that the IP addresses can be pinged and that routing issues are not causing the connection failure.
  • B. Check whether the VPN peer on one end is set up correctly using policy-based VPN.
  • C. In the IKE Gateway configuration, verify that the IP address for each VPN peer is accurate.
  • D. In the IPSec Crypto profile configuration, verify that PFS is either enabled on both VPN peers or disabled on both VPN peers.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Plato22 at Dec. 11, 2021, 6:05 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Marshpillowz
11 months, 4 weeks ago
Selected Answer: B
B is correct
upvoted 1 times
...
DenskyDen
2 years ago
B. The VPN peer on one end is using policy-based VPN. You must configure a Proxy ID on the Palo Alto Networks firewall. See Create a Proxy ID to identify the VPN peers..
upvoted 1 times
...
lol12
2 years, 2 months ago
Selected Answer: B
B https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/vpns/set-up-site-to-site-vpn/interpret-vpn-error-messages
upvoted 4 times
...
TAKUM1y
2 years, 3 months ago
Selected Answer: B
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/vpns/set-up-site-to-site-vpn/interpret-vpn-error-messages
upvoted 3 times
...
Biz90
2 years, 10 months ago
I know this too well from dealing with ASA to PAs! Answer is B.
upvoted 4 times
...
alanouaro
3 years ago
Option B The VPN peer on one end is using policy-based VPN. You must configure a Proxy ID on the Palo Alto Networks firewall. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/vpns/set-up-site-to-site-vpn/interpret-vpn-error-messages.html
upvoted 3 times
...
Plato22
3 years, 1 month ago
B is correct. Cisco uses Policy based which is Proxy ID in Palo Alto
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel