Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] What is the meaning of 'Received notify message for DOI [1] [14] [NO_PROPOSAL_CHOSEN]'?

0

0

Article ID: KB6168 KB Last Updated: 19 Mar 2020Version: 9.0
Summary:
This article describes the issue of the notify message being received by Netscreen from the peer for DOI <1> <14> < no_proposal_chosen >.
Symptoms:

Environment:

  • IKE Phase 1 negotiation is successful.

  • Phase 2 initiated the negotiation, before the <NO_PROPOSAL_CHOSEN> message was generated.
 

Symptoms and errors:

  • Received the notify message for DOI <1> <14> <NO_PROPOSAL_CHOSEN>.

  • IKE Phase 2 negotiation fails.
Cause:
This issue indicates a mismatch in proposals between the two peers. Chances are, one side has nopfs, whereas the other side has perfect forward secrecy enabled.
Solution:
Change the Phase 2 proposal on NetScreen from nopfs-xxx-xxxx-xxx  to  g2-xxx-xxxx-xxx. For example, If phase 2 proposal is nopfs-esp-3des-sha, change it to g2-esp-3des-sha.

For more information, refer to:
 
Modification History:
2020-03-19: Minor non-technical updates.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search