[j-nsp] SRX to SRX VPN

Morten Isaksen misak at misak.dk
Wed Sep 15 08:58:55 EDT 2010 

If you fx. have defined

local-net 192.168.1.0/24 and remote-net 192.168.2.0/24 on one router
and local-net 192.168.2.0/23 and remote-net 192.168.1.0/24 on the
other.

Or application junos-ftp on one router and application any on the other.

The phase 2 part must be symetric.

But check the kmd log.

/Morten

On Wed, Sep 15, 2010 at 2:40 PM, Fahad Khan <fahad.khan at gmail.com> wrote:
> "mismatch between remote-net and local-net"
>
> can you elaborate ?
>
> regards
> Muhammad Fahad Khan
> JNCIP - M/T # 834
> IT Specialist
> Global Technology Services, IBM
> fahad at pk.ibm.com
> +92-301-8247638
> Skype: fahad-ibm
> http://pk.linkedin.com/in/muhammadfahadkhan
>
>
> On Wed, Sep 15, 2010 at 5:27 PM, Morten Isaksen <misak at misak.dk> wrote:
>>
>> I had the same problem (between a SRX and a Cisco box).
>>
>> It is most likely a mismatch between remote-net and local-net
>> configurations on each router.
>>
>> Try to enable traceoptions.
>>
>> edit security ike traceoptions
>> [edit security ike traceoptions]
>> set file size 1m
>> set flag policy-manager
>> set flag ike
>> set flag routing-socket
>> commit
>>
>> And check the kmd log.
>>
>> /Morten
>>
>> On Wed, Sep 15, 2010 at 1:27 PM, Fahad Khan <fahad.khan at gmail.com> wrote:
>> > Hi folks,
>> >
>> > I am trying to establish route based VPN between SRX3600(in Ch cluster)
>> > and
>> > SRX210, but stuck in phase 2 (no proposal chosen)..
>> >
>> > has any one experienced it??
>> >
>> > thanks in adv
>> >
>> > regards,
>> >
>> > Muhammad Fahad Khan
>> > JNCIP - M/T # 834
>> > IT Specialist
>> > Global Technology Services, IBM
>> > fahad at pk.ibm.com
>> > +92-301-8247638
>> > Skype: fahad-ibm
>> > http://pk.linkedin.com/in/muhammadfahadkhan
>> > _______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >
>>
>>
>>
>> --
>> Morten Isaksen
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>



-- 
Morten Isaksen

More information about the juniper-nsp mailing list