NO_PROPOSAL_CHOSEN error — I’m not fully confident interpreting it and would like step-by-step guidance to get a secure IPSec tunnel working between our devices.
My topology: Hub / starting point = MX85 → Spoke / ending point = MX64.
Main requirement: an IPsec tunnel between the MX85 and the MX64, i.e. a very secure tunnel with full control to send and receive data between the two MX devices.
Could you please provide a clear, easy-to-follow configuration guide (with screenshots) that includes:
- Exact UI steps and screenshots for the pages/fields to set on both MX85 and MX64 (menu path + fields to fill).
- Recommended Phase 1 (IKE) parameters (exact values you want me to enter):
  - IKE version (v1 / v2)
  - Encryption algorithm(s)
  - Hash / integrity algorithm(s)
  - DH group
  - Lifetime (seconds)
  - Mode (Main / Aggressive) and NAT traversal settings
- Recommended Phase 2 (IPSec) parameters (exact values):
  - Encryption / integrity algorithms
  - PFS (on/off and DH group)
  - Lifetime (seconds)
- Exact format/requirements for the pre-shared key (length/characters) and any best practices for generating it.
- Any Meraki-specific requirements (for MX→MX vs. Meraki→non-Meraki peers) that I should be aware of.
- NAT, firewall, or port-forwarding considerations that commonly cause NO_PROPOSAL_CHOSEN.
- A short verification checklist or UI checks I can run after configuring each side to confirm proposals match.
- Examples or annotated screenshots of the VPN log entries you want me to capture if the problem continues — please show the exact log lines to capture.
- If possible, a “copy-paste” example of Phase 1/Phase 2 proposals that will work for MX85↔MX64 to avoid negotiation mismatch.