Issue with site to site VPN to SonicWall

Curits
Here to help

Hello All,

 

I've just installed a new MX67 appliance at a site and want to configure a site-to-site VPN to a SonicWall in another office. I got everything configured to what I thought was right and can see the remote IP of my MX67 hitting the SonicWall logs, but I keep getting the same message: "No Proposal Chosen". All of my research points to this meaning that the phase two details don't align. I've meticulously gone through and made sure everything matches, but I'm still getting the same message.

 

Just wondering if anyone had any troubleshooting tips for me or anyone that might have had issues with this in the past?

 

Any advice is much appreciated,

Best wishes,

Curtis

RWelch
Kind of a big deal

Screenshot 2026-03-02 at 18.24.39.png


The "No Proposal Chosen" error when configuring a site-to-site VPN between a Meraki MX67 and a SonicWall usually means the phase 2 parameters do not match between the devices. 

If you are using custom IPsec policies on the MX, make sure the SonicWall settings match those custom parameters. If the error persists, try deleting and recreating the VPN configuration, double-checking every field (i.e., on the SonicWall "Advanced" tab, check "Enable Keepalive").


MX to Sonicwall Site-to-Site VPN Setup 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Curits
Here to help

Hey There,

 

Thanks for coming back to me. I'll give this a go tomorrow with the recommended values from above. If I still can't get it working, I'll post some screenshots of my config; maybe someone can spot where I've gone wrong.

 

Will let you know how I get on and appreciate your assistance :).

 

Best wishes,

alemabrahao
Kind of a big deal

Maybe this document will help you.

 

https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Site-t...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ScottCarter
New here

Hi Curtis, the "No Proposal Chosen" message does indeed indicate a mismatch between the phase 2 parameters of the VPN. Even if everything seems aligned, it is often useful to check certain details that are easy to overlook: the exact encryption and authentication algorithms, the key length, the local and remote Avia Masters subnets, and the PFS method if it is enabled. Sometimes a simple difference in the order of the proposals or a PFS parameter that is not identical can block the negotiation. Another tip is to enable detailed logging on both devices to see exactly which proposal is being rejected; this often makes it possible to find the mismatched parameter quickly.

Curits
Here to help

Hey Guys,

 

Unfortunately still in the same place as before. I've tried the recommended config and checked things all the way round, and I have absolutely no idea why this tunnel won't connect. The only logs I get on the SonicWall are these two messages, over and over again, every 2 minutes.

 

Not sure if anyone can help further?

 

sw-2.jpg sw-1.jpg

Curits
Here to help

Hey Guys,

 

I've finally got this working. I ran a packet capture and, for some reason, whenever I changed a setting on the Meraki peer, even when saving, it wouldn't actually broadcast the changes I'd made. For example, if I configured the Diffie-Hellman group to 4 from 14, it would still broadcast 14 even though the peer config showed that it was 4.

 

I deleted and re-created the peer and the tunnel came straight up!

 

How strange.

Hope this helps someone else.
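
The check described in the last post (comparing what the peer config shows with what the device actually sends) can be scripted. This is an added example, not part of the original thread: it assumes IKEv2 (RFC 7296), where the SA payload of IKE_SA_INIT is sent unencrypted. The function names, the hex bytes and the config values are constructed for illustration.

```python
import struct

TYPES = {1: "encr", 2: "prf", 3: "integ", 4: "dh", 5: "esn"}  # RFC 7296 transform types
KEY_LENGTH = 14  # Key Length transform attribute, sent in TV (type/value) format

def parse_sa_proposals(body: bytes):
    """Parse an IKEv2 SA payload body (generic payload header already removed)."""
    proposals, off = [], 0
    while off + 8 <= len(body):
        last, _, plen, num, proto, spi_size, n_tr = struct.unpack_from("!BBHBBBB", body, off)
        end = off + plen
        if plen < 8 + spi_size or end > len(body):
            raise ValueError("malformed proposal length")
        t_off, transforms = off + 8 + spi_size, []
        for _ in range(n_tr):
            _, _, tlen, ttype, _, tid = struct.unpack_from("!BBHBBH", body, t_off)
            if tlen < 8 or t_off + tlen > end:
                raise ValueError("malformed transform length")
            key_len, a_off = None, t_off + 8
            while a_off + 4 <= t_off + tlen:
                atype, aval = struct.unpack_from("!HH", body, a_off)
                if atype == (0x8000 | KEY_LENGTH):   # TV attribute carrying key length
                    key_len = aval
                a_off += 4 if atype & 0x8000 else 4 + aval  # TLV: aval is a length
            transforms.append((TYPES.get(ttype, str(ttype)), tid, key_len))
            t_off += tlen
        proposals.append({"num": num, "protocol": proto, "transforms": transforms})
        off = end
        if last == 0:                                # 0 = last proposal, 2 = more follow
            break
    return proposals

def diff_against_config(proposals, configured):
    """Return {type: (configured, offered_on_wire)} for transforms no proposal offers."""
    mismatches = {}
    for ttype, want in configured.items():
        offered = [(tid, kl) for p in proposals
                   for t, tid, kl in p["transforms"] if t == ttype]
        if want not in offered:
            mismatches[ttype] = (want, offered)
    return mismatches

# Constructed SA payload body: one IKE proposal offering AES-CBC-256 (12),
# PRF_HMAC_SHA2_256 (5), AUTH_HMAC_SHA2_256_128 (12) and DH group 14.
CAPTURED = bytes.fromhex("0000002c01010004" "0300000c0100000c800e0100"
                         "0300000802000005" "030000080300000c" "000000080400000e")
# Constructed "peer config" view, using the group numbers from the post (4 shown, 14 sent).
CONFIGURED = {"encr": (12, 256), "prf": (5, None), "integ": (12, None), "dh": (4, None)}

if __name__ == "__main__":
    print(diff_against_config(parse_sa_proposals(CAPTURED), CONFIGURED))
```

An empty result means every configured transform appears in the captured proposal; any entry names the field where the saved config and the wire disagree.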
