1
00:00:00,980 --> 00:00:04,390
Hello and welcome to the second troubleshooting scenario.

2
00:00:04,430 --> 00:00:10,820
So now let's say that we will type the password correctly but something will be wrong with the Phase

3
00:00:10,820 --> 00:00:12,590
1 negotiation.

4
00:00:12,590 --> 00:00:15,820
So first of all let's start the debug.

5
00:00:16,010 --> 00:00:17,060
So at mean

6
00:00:19,730 --> 00:00:31,630
nothing here and say diagnose the bug application in the application it's like and minus one and diagnose

7
00:00:31,890 --> 00:00:38,430
debug enable.

8
00:00:38,530 --> 00:00:52,170
Now let's now say added and change for the advanced settings change phase 1 and let's say we're using

9
00:00:52,320 --> 00:00:52,870
this.

10
00:00:52,870 --> 00:00:53,700
Then we don't.

11
00:00:53,730 --> 00:00:58,780
We know that these options are not available and configured on the 40 to firewall.

12
00:00:58,800 --> 00:01:02,120
So that's why I'm messing up the proposal on Phase 1.

13
00:01:02,730 --> 00:01:03,750
So let's say apply

14
00:01:06,440 --> 00:01:16,520
and close now we will see a user and for the net and say connect

15
00:01:30,300 --> 00:01:31,700
and here it is.

16
00:01:31,710 --> 00:01:41,420
So we have some logs.

17
00:01:41,560 --> 00:01:42,330
Perfect.

18
00:01:42,340 --> 00:01:45,940
So it's absolutely perfect and you'll see why.

19
00:01:45,950 --> 00:01:50,420
I've seen already the log that explains what's happening.

20
00:01:50,600 --> 00:01:54,730
So diagnose debug and disable.

21
00:01:56,440 --> 00:01:57,820
So I will minimize this.

22
00:01:57,820 --> 00:01:59,640
We don't we don't need it anymore.

23
00:01:59,650 --> 00:02:02,630
Let's look here on the issue for a firewall.

24
00:02:02,680 --> 00:02:11,440
So if the for the client it's not configured in order to match the Ike proposal on Phase 1 and it's

25
00:02:11,440 --> 00:02:19,270
using different algorithms for encryption and authentication by using the general the general law command

26
00:02:19,300 --> 00:02:24,280
diagonals debug application and minus one you will see exactly what's happening.

27
00:02:24,310 --> 00:02:31,020
Let's now go to the start and here it is.

28
00:02:31,740 --> 00:02:39,160
So my proposal and the gateway is this proposal idea number one with Isaac can we.

29
00:02:39,300 --> 00:02:48,490
There's an empty five and pressure key authentication method these appreciate key and what is the lifetime

30
00:02:48,490 --> 00:03:00,200
is this we have so proposal I.D. one proposal and the one lifetime proposal I.D. one again again and

31
00:03:00,210 --> 00:03:02,610
let's just crawl.

32
00:03:02,640 --> 00:03:08,870
So basically when the user is trying to connect the available proposals configured both on the fourth

33
00:03:08,870 --> 00:03:15,080
to get federal and the proposals available on the for the client are compared.

34
00:03:15,330 --> 00:03:22,760
And if there is no match you will see a message and hopefully and it is hopefully it is good.

35
00:03:22,830 --> 00:03:25,970
So negotiation failure it is pretty clear right.

36
00:03:25,980 --> 00:03:27,000
Negotiation failure.

37
00:03:27,000 --> 00:03:33,170
We have failed to negotiate what parameters to use in order to to build this setup.

38
00:03:33,600 --> 00:03:36,900
And he says negotiate as a camp as a error.

39
00:03:36,900 --> 00:03:38,920
No essay proposal choose them.

40
00:03:39,480 --> 00:03:41,850
So it's that simple.

41
00:03:41,850 --> 00:03:42,480
And that's it.

42
00:03:42,810 --> 00:03:44,970
If we now go and

43
00:03:48,900 --> 00:03:50,100
and change again

44
00:03:53,510 --> 00:03:59,440
open 40 client console going to remote access and we will negotiate again.

45
00:03:59,470 --> 00:04:09,650
So Eddie the selected connection and advanced settings for Phase 1 we will use here does and show one

46
00:04:09,960 --> 00:04:11,060
and say apply

47
00:04:14,790 --> 00:04:18,300
close and connect.

48
00:04:18,470 --> 00:04:20,960
We should see that the connection is successful.

49
00:04:20,960 --> 00:04:27,440
Again and then let's wait for that to happen just to confirm what I have just said.

50
00:04:28,590 --> 00:04:29,670
So disconnect

51
00:04:33,080 --> 00:04:41,620
perfect connected to HQ for the great firewall so we can see that this is also this is also self-explanatory

52
00:04:41,630 --> 00:04:47,570
so basically saying that OK we have failed to negotiate the essay The Security Association parameters

53
00:04:47,940 --> 00:04:51,990
for for Ike for internet exchange.

54
00:04:52,040 --> 00:04:53,820
Phase 1 proposal.

55
00:04:53,820 --> 00:04:57,520
So thanks a lot and see you in the next and last troubleshooting scenario.