Exam PCNSE topic 1 question 297 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 297
Topic #: 1

An administrator analyzes the following portion of a VPN system log and notices the following issue:
`Received local id 10.10.1.4/24 type IPv4 address protocol 0 port 0, received remote id 10.1.10.4/24 type IPv4 address protocol 0 port 0.`
What is the cause of the issue?

  • A. bad local and peer identification IP addresses in the IKE gateway
  • B. IPSec crypto profile mismatch
  • C. mismatched Proxy-IDs
  • D. IPSec protocol mismatch
Suggested Answer: C

Comments

Whizdhum
7 months, 1 week ago
Selected Answer: C
Answer is C. IKE phase-2 negotiation failed when processing Proxy ID. The VPN peer on one end is using a policy-based VPN. You must configure a proxy ID on the Palo Alto Networks firewall to identify the VPN peer.
upvoted 1 times
Sammy3637
7 months, 2 weeks ago
Selected Answer: C
protocol 0 and port 0 gives it away... proxy ids should match on both the ends
upvoted 2 times
cerifyme85
4 months ago
I mean.. did this guy even think before he typed this? Seriously?
upvoted 1 times
hz78
1 year, 2 months ago
C. Mismatched Proxy-IDs. The log message indicates that there is a mismatch between the local identification IP address (10.10.1.4/24) and the remote identification IP address (10.1.10.4/24) in the VPN system. This mismatch suggests that the Proxy-IDs configured on both ends of the VPN tunnel do not match. Proxy-IDs are used in IPSec VPN configurations to define the traffic that should be encrypted and protected within the VPN tunnel. Both ends of the VPN tunnel must have matching Proxy-IDs to establish a successful VPN connection and ensure proper encryption and routing of the specified traffic.
upvoted 1 times
sujss
1 year, 2 months ago
Summary Palo docs.. When a PA firewall sets up IPSEC tunnels with a device as Policy based VPN, the other end defines different parameters as Proxy IDs whereas on PA they are set to the default values of 0.0.0.0/24.
upvoted 2 times
confusion
1 year, 8 months ago
C 10.10.1.4/24 vs. 10.1.10.4/24 --> Proxy-IDs are mismatched
upvoted 1 times
TAKUM1y
1 year, 9 months ago
Selected Answer: C
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/vpns/set-up-site-to-site-vpn/interpret-vpn-error-messages
upvoted 4 times
mysteryzjoker
1 year, 9 months ago
C is correct https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/vpns/set-up-site-to-site-vpn/interpret-vpn-error-messages
upvoted 3 times
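The Proxy-ID comparison discussed in the comments above, as an added example that is not part of the original thread or of any Palo Alto Networks tooling: it parses the log message quoted in the question and checks the received IDs against a table of configured proxy IDs. The `CONFIGURED` table, its entry name and both function names are hypothetical; the code assumes that "received local id" is compared with the firewall's local proxy ID and that addresses are compared as networks after applying the mask.

```python
import ipaddress
import re

# Matches the two ID clauses of the system log message quoted in the question.
ID_RE = re.compile(
    r"received (local|remote) id (\S+) type IPv4 address protocol (\d+) port (\d+)",
    re.IGNORECASE,
)

def parse_received_ids(line):
    """Return {'local': (network, protocol, port), 'remote': (...)} from one log line."""
    ids = {}
    for side, addr, proto, port in ID_RE.findall(line):
        # Assumption: compare as networks, so 10.10.1.4/24 becomes 10.10.1.0/24.
        net = ipaddress.ip_network(addr, strict=False)
        ids[side.lower()] = (net, int(proto), int(port))
    if set(ids) != {"local", "remote"}:
        raise ValueError("line does not carry both a local and a remote id")
    return ids

def matching_proxy_ids(line, configured):
    """Names of configured proxy IDs whose selectors equal the received ones."""
    got = parse_received_ids(line)
    hits = []
    for name, entry in configured.items():
        # Protocol 0 and port 0 mean "any"; they are the defaults when unset here.
        want = {
            side: (ipaddress.ip_network(entry[side], strict=False),
                   entry.get("protocol", 0), entry.get("port", 0))
            for side in ("local", "remote")
        }
        if want == got:
            hits.append(name)
    return hits

# Constructed sample data: the log line from the question plus a hypothetical
# proxy-ID table whose remote network differs from what the peer proposed.
LOG_LINE = ("Received local id 10.10.1.4/24 type IPv4 address protocol 0 port 0, "
            "received remote id 10.1.10.4/24 type IPv4 address protocol 0 port 0.")
CONFIGURED = {
    "to-branch": {"local": "10.10.1.0/24", "remote": "10.1.1.0/24"},
}

if __name__ == "__main__":
    print(parse_received_ids(LOG_LINE))
    print(matching_proxy_ids(LOG_LINE, CONFIGURED) or "no configured proxy ID matches")
```

An empty result means no configured entry covers the selectors the peer proposed, which is the mismatch the question describes.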