Phase two of a VPN will not establish a connection. The peer is using a policy-based VPN configuration.
What part of the configuration should the engineer verify?
Phase two of a VPN will not establish a connection. The peer is using a policy-based VPN configuration.
What part of the configuration should the engineer verify?
When phase two of a VPN does not establish a connection and the peer is using a policy-based VPN configuration, the critical part of the configuration to verify is the Proxy-IDs. Policy-based VPNs require that the Proxy-IDs, which define the traffic selector values, match exactly on both sides of the VPN tunnel. Incorrect or mismatched Proxy-IDs would cause phase two failures as the devices would be unable to properly negotiate and encrypt the traffic.
PAN doesn't support Policy-based VPN. That's why we need a proxy-ID
Wrong. Look at the question before state something my dear colleague: "The peer is using a policy-based VPN configuration." It's says the peer, so you use Proxy IDs.
I think this should be C - Proxy ID https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbXCAS https://live.paloaltonetworks.com/t5/general-topics/phase-2-tunnel-is-not-up/td-p/424789
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbXCAS
C is correct