[j-nsp] Problem in Netscreen VPN

Stefan Fouant sfouant at gmail.com
Sat Jul 26 12:32:57 EDT 2008


Phase 1 IKE setup is complete. You'll want to look at the Phase 2
IPsec configuration to identify the culprit. Pay special attention to
make sure the Proxy IDs match as that is a typical cause for Phase 2
failures. Also, in these cases the log file on the initiator has no
useable information to help identify the failure. You should always
analyze the log file on the respondent to identify the root cause of
the failure.

Regards,



On 7/26/08, Mohd Arshad <kharshadm at yahoo.co.in> wrote:
> I am facing problrm while configuring the Netscreen Remote VPN the error log
> is Given Below.on the other side I gave Juniper ISG firewall/VPN
> I have done the configurations as per documentation but i am not able to
> establish VPN connection
> If any bodey can Help I will be thankfull
> Thanks
> Arshad
> The Log of netscreen remote are given below
>
>  7-26: 17:17:40.328
>  7-26: 17:17:40.328 My Connections\mutadawal_vpn - Initiating IKE Phase 1
> (IP ADDR=212.100.192.66)
>  7-26: 17:17:40.796 My Connections\mutadawal_vpn - SENDING>>>> ISAKMP OAK AG
> (SA, KE, NON, ID, VID 6x)
>  7-26: 17:17:41.093 My Connections\mutadawal_vpn - RECEIVED<<< ISAKMP OAK AG
> (SA, VID 3x, KE, NON, ID, HASH)
>  7-26: 17:17:41.093 My Connections\mutadawal_vpn - Peer supports Dead Peer
> Detection Version 1.0
>  7-26: 17:17:41.093 My Connections\mutadawal_vpn - Dead Peer Detection
> enabled
>  7-26: 17:17:41.375 My Connections\mutadawal_vpn - SENDING>>>> ISAKMP OAK AG
> *(HASH, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
>  7-26: 17:17:41.375 My Connections\mutadawal_vpn - Established IKE SA
>  7-26: 17:17:41.375 My Connections\mutadawal_vpn -   MY COOKIE f0 49 bb bc
> 2d 9a 8 8c
>  7-26: 17:17:41.375 My Connections\mutadawal_vpn -   HIS COOKIE e7 1 9 27 6b
> 4c 42 a
>  7-26: 17:17:41.703 My Connections\mutadawal_vpn - Initiating IKE Phase 2
> with Client IDs (message id: 5D63C7BF)
>  7-26: 17:17:41.703 My Connections\mutadawal_vpn -   Initiator = IP
> ADDR=192.168.0.20, prot = 0 port = 0
>  7-26: 17:17:41.703 My Connections\mutadawal_vpn -   Responder = IP
> ADDR=172.16.1.21, prot = 0 port = 0
>  7-26: 17:17:41.703 My Connections\mutadawal_vpn - SENDING>>>> ISAKMP OAK QM
> *(HASH, SA, NON, KE, ID 2x)
>  7-26: 17:17:56.984 My Connections\mutadawal_vpn - QM re-keying timed out.
> Retry count: 1
>  7-26: 17:17:56.984 My Connections\mutadawal_vpn - SENDING>>>> ISAKMP OAK QM
> *(Retransmission)
>  7-26: 17:18:11.984 My Connections\mutadawal_vpn - QM re-keying timed out.
> Retry count: 2
>  7-26: 17:18:11.984 My Connections\mutadawal_vpn - SENDING>>>> ISAKMP OAK QM
> *(Retransmission)
>  7-26: 17:18:27.015 My Connections\mutadawal_vpn - QM re-keying timed out.
> Retry count: 3
>  7-26: 17:18:27.015 My Connections\mutadawal_vpn - SENDING>>>> ISAKMP OAK QM
> *(Retransmission)
>  7-26: 17:18:42.015 My Connections\mutadawal_vpn - Exceeded 3 attempts
> (message id: 5D63C7BF)
>  7-26: 17:18:42.015 My Connections\mutadawal_vpn - Disconnecting IKE SA
> negotiation
>  7-26: 17:18:42.015 My Connections\mutadawal_vpn - Deleting IKE SA (IP
> ADDR=212.100.192.66)
>  7-26: 17:18:42.015 My Connections\mutadawal_vpn -   MY COOKIE f0 49 bb bc
> 2d 9a 8 8c
>  7-26: 17:18:42.015 My Connections\mutadawal_vpn -   HIS COOKIE e7 1 9 27 6b
> 4c 42 a
>  7-26: 17:18:42.015 My Connections\mutadawal_vpn - SENDING>>>> ISAKMP OAK
> INFO *(HASH, DEL)
>
>
>
>       From Chandigarh to Chennai - find friends all over India. Go to
> http://in.promos.yahoo.com/groups/citygroups/
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

-- 
Sent from Gmail for mobile | mobile.google.com

Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D


More information about the juniper-nsp mailing list