SonicWALL TZ 180 Recommends Manual page 26

Troubleshooting TZ 180 Configuration and Settings Issues
If the SonicWALL security appliance logs display NO_PROPOSAL_CHOSEN, IKE proposal does not
match, or IKE negotiation aborted due to timeout, the Phase 1 settings are probably set incorrectly on
one or both sides. Most settings in the Proposals tab of the VPN policy must match exactly on each side;
if they do not, the tunnel fails in Phase 1 and Phase 2. The exception to this rule is the Life Time
setting; if the Life Time values do not match, the VPN policy negotiates using the lower of the two settings.
Figure 13 provides an example of Phase 1 settings.
Figure 13: VPN Policy Phase 1 Settings
If you have implemented the troubleshooting solutions to this point with no success, there may be
something between the two VPN devices that is blocking communication. If this is the case, verify that NAT
Traversal is enabled on both SonicWALL security appliances, and that any firewall in between is set to pass
UDP port 500 and UDP port 4500. If one of the sides is not a SonicWALL security appliance, it is necessary
to open UDP port 500 and IP type 50, since NAT Traversal may not negotiate with the third-party security
appliance.
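
An added example, not part of the SonicWALL guide: a Python pre-flight check that applies the rules above (exact match on the Proposals settings, lower Life Time wins, required transit flows). The field names, sample proposals and log lines are constructed assumptions, not SonicWALL output.

```python
# Added example: field names and sample values are assumptions, not SonicWALL output.
PHASE1_MARKERS = (
    "NO_PROPOSAL_CHOSEN",
    "IKE proposal does not match",
    "IKE negotiation aborted due to timeout",
)
EXACT_FIELDS = ("exchange", "dh_group", "encryption", "authentication")


def phase1_log_hits(log_lines):
    """Return the log lines that carry one of the page's three Phase 1 messages."""
    return [ln for ln in log_lines
            if any(m.lower() in ln.lower() for m in PHASE1_MARKERS)]


def compare_phase1(local, remote):
    """Return (mismatches, effective_lifetime) for two Proposals-tab settings."""
    mismatches = {}
    for field in EXACT_FIELDS:
        a, b = local.get(field), remote.get(field)
        # A missing value counts as a mismatch; case and padding do not.
        if a is None or b is None or a.strip().lower() != b.strip().lower():
            mismatches[field] = (a, b)
    # Life Time is the exception: the lower of the two values is used.
    return mismatches, min(local["lifetime"], remote["lifetime"])


def required_transit(both_sonicwall):
    """Flows an in-path firewall must pass, as (protocol, number) pairs."""
    if both_sonicwall:  # NAT Traversal enabled on both appliances
        return [("udp", 500), ("udp", 4500)]
    return [("udp", 500), ("ip-proto", 50)]  # third-party peer


def missing_transit(allowed, both_sonicwall):
    """Return the required flows that the in-path firewall does not allow."""
    return [f for f in required_transit(both_sonicwall) if f not in allowed]


# Constructed sample data.
SITE_A = {"exchange": "Main Mode", "dh_group": "Group 2", "encryption": "3DES",
          "authentication": "SHA1", "lifetime": 28800}
SITE_B = {"exchange": "Main Mode", "dh_group": "Group 5", "encryption": "3des",
          "authentication": "SHA1", "lifetime": 3600}
SAMPLE_LOG = [
    "10:02:11 IKE Responder: Received Main Mode request",
    "10:02:12 IKE Responder: IKE proposal does not match (Phase 1)",
    "10:02:40 Received notify: NO_PROPOSAL_CHOSEN",
]
```

Export or transcribe each side's Proposals settings into the dictionaries and compare them before changing anything on the appliances.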