[j-nsp] Help with vpn srx - asa
bizza
bizzam at gmail.com
Mon Mar 5 06:57:13 EST 2012
Hi,
I have a problem configuring a VPN between an SRX and a Cisco ASA.
This is my configuration:
ike {
    proposal trans-vpn {
        authentication-method pre-shared-keys;
        dh-group group5;
        authentication-algorithm sha-256;
        encryption-algorithm aes-256-cbc;
        lifetime-seconds 86400;
    }
    policy ike_pol_vpn2remote {
        mode main;
        proposals trans-vpn;
        pre-shared-key ascii-text "1234567899"; ## SECRET-DATA
    }
    gateway gw_vpn2remote {
        ike-policy ike_pol_vpn2remote;
        address X.Y.W.Z;
        local-identity inet A.B.C.D;
        external-interface fe-0/0/7.0;
        version v1-only;
    }
}
ipsec {
    policy ipsec_pol_vpn2remote {
        proposal-set compatible;
    }
    vpn vpn2remote {
        bind-interface st0.0;
        ike {
            gateway gw_vpn2remote;
            ipsec-policy ipsec_pol_vpn2remote;
        }
        establish-tunnels immediately;
    }
}
On the ASA side, the remote IT tech said that the configuration is the
same: encryption, hash, lifetime, group, etc.
In /var/log/kmd I found:
Mar 5 12:51:27 IKEv1 Error : Timeout
Mar 5 12:52:06 IKEv1 Error : No proposal chosen
Mar 5 12:52:27 IKEv1 Error : Timeout
Mar 5 12:52:41 IKEv1 Error : No proposal chosen
Mar 5 12:53:13 IKEv1 Error : No proposal chosen
Mar 5 12:53:27 IKEv1 Error : Timeout
Mar 5 12:53:47 IKEv1 Error : No proposal chosen
Mar 5 12:54:27 IKEv1 Error : Timeout
Mar 5 12:54:30 IKEv1 Error : No proposal chosen
Mar 5 12:55:08 IKEv1 Error : No proposal chosen
Any hints?
Regards
Marco
--
bizza