[c-nsp] Cisco to Juniper, route based IPSec VPN

Tom Storey tom at snnap.net
Fri Nov 21 09:00:21 EST 2014


Hi everyone.

I'm trying to set up a route based VPN between a Cisco IOS router (1841) and
a Juniper SRX, where the Cisco is sitting behind NAT and the Juniper is out
on the public Internet.

My tunnel interfaces aren't coming up at either end, but I feel like I'm
teetering on the edge of success.

Phase 1 seems to be ok (up in aggressive mode), but phase 2 is a little
dubious. "debug crypto ipsec" on the Cisco isn't really giving up much in
the way of error messages. The Juniper reports "SA not initialised" and the
Cisco seems to be sending SA requests...

I feel like I'm making a really noobie mistake but I can't figure out what.
I've trawled the Internet for sample configs and from what I can see my only
difference is the specifics for my particular setup (IPs, keys,
proposals/transforms).

Does anyone have a sample config I can review, or would you be willing to
review my current configs?

Thanks in advance.
Tom

