Topic 1 Question 184
You are attempting to establish a HA VPN to your on-premises network; however, the VPN connection is not establishing successfully. You have full administrative control over the Google Cloud networking environment and the on-premises firewalls that are acting as the VPN devices. The Google Cloud console shows "Negotiation failure" and "BGP is down". You check Cloud Logging by using a query for resource.type="vpn_gateway" and resource.labels.gateway_id="TUNNEL_ID_NUMBER". Logs Explorer shows frequent log entries:
log name: "…/logs/cloud.googleapis.com%2Fipsec_events" type: "vpn_gateway" textPayload: "received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built"
You need to troubleshoot the VPN failure and take corrective action based on the Cloud Logging entries. What should you do?
A. Update the Google Cloud BGP session configuration to match the BGP peer ASN on the on-premises side.
B. Compare and review the Phase 2 settings on the on-premises firewall. Make sure the settings match one of the supported cipher suites for HA VPN.
C. Create a new Cloud VPN gateway in a region closer to the peer VPN gateway.
D. Compare the Phase 1 settings and recreate the Cloud VPN tunnel by choosing a different IKE version and pre-shared key.
Comments (1)
- Answer believed to be correct: B
The error "received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built" in the context of VPNs and IPsec typically indicates a mismatch in the configuration between the two endpoints during the negotiation of Phase 1 or Phase 2 of the IPsec tunnel. This error is common in scenarios involving IKEv1 or IKEv2 protocols and points to incompatible proposals for encryption, authentication, or other parameters.
👍 3b0b25 2025/02/21
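As an added example (not part of the original question or comment): a small Python triage over exported `ipsec_events` entries that separates the CHILD_SA (Phase 2) failure quoted in the question from IKE SA (Phase 1) and authentication failures. The sample entries are constructed, and the message shapes other than the one quoted in the question are assumed to follow the same strongSwan-style wording.

```python
import re
from collections import Counter

# The notify arrived while the CHILD_SA (Phase 2) was being negotiated.
CHILD_SA_FAILED = re.compile(r"received (\w+) notify, no CHILD_SA built")
# Assumed wording for a notify that aborts the IKE SA itself (Phase 1 / auth).
IKE_FAILED = re.compile(r"received (\w+) notify error")

HINTS = {
    "child_sa_proposal": "Phase 2 proposal mismatch: review peer encryption, integrity and PFS settings",
    "child_sa_traffic_selectors": "traffic selector mismatch",
    "ike_proposal": "Phase 1 proposal mismatch: review peer IKE encryption, integrity, PRF and DH group",
    "ike_auth": "pre-shared key or peer identity mismatch",
}

def classify(text_payload):
    """Map one textPayload to a failure stage, or None if it is not a failure line."""
    m = CHILD_SA_FAILED.search(text_payload)
    if m:
        return {"NO_PROPOSAL_CHOSEN": "child_sa_proposal",
                "TS_UNACCEPTABLE": "child_sa_traffic_selectors"}.get(m.group(1))
    m = IKE_FAILED.search(text_payload)
    if m:
        return {"NO_PROPOSAL_CHOSEN": "ike_proposal",
                "AUTHENTICATION_FAILED": "ike_auth"}.get(m.group(1))
    return None

def triage(entries):
    """Return (stage, hint, count) for the most frequent failure, or None."""
    stages = Counter()
    for entry in entries:
        stage = classify(entry.get("textPayload", ""))  # entries may lack textPayload
        if stage:
            stages[stage] += 1
    if not stages:
        return None
    stage, count = stages.most_common(1)[0]
    return stage, HINTS[stage], count

# Constructed sample; the first payload is the one quoted in the question.
SAMPLE = [
    {"textPayload": "received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built"},
    {"textPayload": "received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built"},
    {"textPayload": "sending keep alive"},
    {"jsonPayload": {"note": "constructed entry without textPayload"}},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

"BGP is down" needs no separate fix in this scenario: the BGP session runs inside the tunnel, so it cannot come up until a CHILD_SA exists.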