Exam PCNSE
Question 297

An administrator analyzes the following portion of a VPN system log and notices the following issue:

`Received local id 10.10.1.4/24 type IPv4 address protocol 0 port 0, received remote id 10.1.10.4/24 type IPv4 address protocol 0 port 0.`

What is the cause of the issue?

Correct Answer: C

The issue arises from mismatched Proxy-IDs. Proxy-IDs are essential in defining the traffic that needs to be encrypted and routed through the VPN tunnel in IPSec VPN configurations. The local ID (10.10.1.4/24) and the remote ID (10.1.10.4/24) should match, and since they do not, this indicates a mismatch in the Proxy-IDs which is causing the connection issue.
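An added example (not part of the original page, and not Palo Alto Networks code): a short Python check that parses the log line from the question and tests whether any configured Proxy-ID matches the received pair. The configured entries are constructed sample values, and the comparison assumes the received local/remote ids are reported from the firewall's point of view.

```python
import ipaddress
import re

# One "received <side> id" clause of the system log line quoted in the question.
ID_RE = re.compile(
    r"received (local|remote) id (\S+) type IPv[46] address protocol (\d+) port (\d+)",
    re.IGNORECASE,
)

def parse_received_ids(line):
    """Return {'local': (network, proto, port), 'remote': (...)} or None."""
    ids = {}
    for side, prefix, proto, port in ID_RE.findall(line):
        # strict=False: the log carries host bits (10.10.1.4/24); normalize to the subnet.
        net = ipaddress.ip_network(prefix, strict=False)
        ids[side.lower()] = (net, int(proto), int(port))
    return ids if {"local", "remote"} <= ids.keys() else None

def find_matching_proxy_id(line, configured):
    """Return the name of the configured Proxy-ID equal to the received pair, else None.

    configured: iterable of (name, local_cidr, remote_cidr). This example only
    models entries with protocol any (0) and port any (0), as in the log line.
    Assumption: received ids are stated from the firewall's point of view.
    """
    received = parse_received_ids(line)
    if received is None:
        raise ValueError("no received local/remote id pair in line")
    for name, local, remote in configured:
        candidate = {
            "local": (ipaddress.ip_network(local, strict=False), 0, 0),
            "remote": (ipaddress.ip_network(remote, strict=False), 0, 0),
        }
        if candidate == received:
            return name
    return None

# Log line from the question.
LOG_LINE = ("Received local id 10.10.1.4/24 type IPv4 address protocol 0 port 0, "
            "received remote id 10.1.10.4/24 type IPv4 address protocol 0 port 0.")

# Constructed sample configurations (names are hypothetical).
NO_PROXY_ID = [("default", "0.0.0.0/0", "0.0.0.0/0")]
SWAPPED = [("swapped", "10.1.10.0/24", "10.10.1.0/24")]
CORRECTED = [("to-peer", "10.10.1.0/24", "10.1.10.0/24")]

if __name__ == "__main__":
    for cfg in (NO_PROXY_ID, SWAPPED, CORRECTED):
        print(cfg[0][0], "->", find_matching_proxy_id(LOG_LINE, cfg))
```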

Discussion
TAKUM1y (Option: C)

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/vpns/set-up-site-to-site-vpn/interpret-vpn-error-messages

mysteryzjoker (Option: C)

C is correct https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/vpns/set-up-site-to-site-vpn/interpret-vpn-error-messages

Sammy3637 (Option: C)

protocol 0 and port 0 gives it away... proxy ids should match on both the ends

cerifyme85

I mean.. did this guy even think before he typed this? Seriously?

sujss (Option: C)

Summary Palo docs.. When a PA firewall sets up IPSEC tunnels with a device as Policy based VPN, the other end defines different parameters as Proxy IDs whereas on PA they are set to the default values of 0.0.0.0/24.

Whizdhum (Option: C)

Answer is C. IKE phase-2 negotiation failed when processing Proxy ID. The VPN peer on one end is using a policy-based VPN. You must configure a proxy ID on the Palo Alto Networks firewall to identify the VPN peer.

hz78 (Option: C)

C. Mismatched Proxy-IDs. The log message indicates that there is a mismatch between the local identification IP address (10.10.1.4/24) and the remote identification IP address (10.1.10.4/24) in the VPN system. This mismatch suggests that the Proxy-IDs configured on both ends of the VPN tunnel do not match. Proxy-IDs are used in IPSec VPN configurations to define the traffic that should be encrypted and protected within the VPN tunnel. Both ends of the VPN tunnel must have matching Proxy-IDs to establish a successful VPN connection and ensure proper encryption and routing of the specified traffic.

confusion (Option: C)

C 10.10.1.4/24 vs. 10.1.10.4/24 --> Proxy-IDs are mismatched