[j-nsp] SRX to vshield lan2lan
bizza
bizzam at gmail.com
Thu Jun 20 12:33:09 EDT 2013
Hi all,
has anyone set up a LAN-to-LAN IPsec VPN between a Juniper SRX and VMware
vShield?
I tried various configurations, but I still have some problems.
[...]
root@srx210h-fw1# show ike
proposal 1 {
    authentication-method pre-shared-keys;
    authentication-algorithm sha-256;
    encryption-algorithm aes-256-cbc;
}
proposal 2 {
    authentication-method pre-shared-keys;
    authentication-algorithm md5;
    encryption-algorithm 3des-cbc;
}
proposal 3 {
    authentication-method pre-shared-keys;
    authentication-algorithm md5;
    encryption-algorithm aes-256-cbc;
}
proposal 4 {
    authentication-method pre-shared-keys;
    authentication-algorithm sha-256;
    encryption-algorithm 3des-cbc;
}
proposal 5 {
    authentication-method pre-shared-keys;
    authentication-algorithm sha1;
    encryption-algorithm aes-256-cbc;
}
policy ike_pol_lan_to_remote {
    mode main;
    proposals [ 1 2 3 4 5 ];
    pre-shared-key ascii-text "xxx"; ## SECRET-DATA
}
gateway gw_lan_to_remote {
    ike-policy ike_pol_lan_to_remote;
    address x.y.w.z;
    local-identity inet my.ip.add.res;
    external-interface reth2.0;
}
[...]
root@srx210h-fw1# show ipsec
policy ipsec_pol_lan_to_remote {
    proposal-set compatible;
}
vpn lan_to_remote {
    bind-interface st0.0;
    ike {
        gateway gw_lan_to_remote;
        ipsec-policy ipsec_pol_lan_to_remote;
    }
    establish-tunnels immediately;
}
In /var/log/kmd I found:
Jun 20 18:25:50 IKEv1 Error : Payload malformed
Jun 20 18:26:50 IKEv1 Error : Payload malformed
Jun 20 18:27:50 IKEv1 Error : Payload malformed
Jun 20 18:28:50 IKEv1 Error : Payload malformed
Jun 20 18:29:50 IKEv1 Error : Payload malformed
Jun 20 18:30:50 IKEv1 Error : Payload malformed
Jun 20 18:31:50 IKEv1 Error : Payload malformed
Any help?
Regards
bizza