[j-nsp] SRX to vshield lan2lan
bizza
bizzam at gmail.com
Thu Jun 20 12:49:43 EDT 2013
I tried to reset PSK many times, but I still have the same issue.
Thanks
bizza
On Thu, Jun 20, 2013 at 6:47 PM, Klaus Groeger <klauzi at gmail.com> wrote:
> Hi
>
> usually it's the missmatching PSK which generates this message.
>
> Klaus
> —
> Sent from Mailbox <https://www.dropbox.com/mailbox> for iPhone
>
>
> On Thu, Jun 20, 2013 at 6:39 PM, bizza <bizzam at gmail.com> wrote:
>
>> Hi all,
>> does anyone has setup a lan to lan ipsec vpn between juniper srx and
>> vmware
>> vshield?
>> I tried various configuration, but I still have some problems.
>>
>> [...]
>>
>> root at srx210h-fw1# show ike
>> proposal 1 {
>> authentication-method pre-shared-keys;
>> authentication-algorithm sha-256;
>> encryption-algorithm aes-256-cbc;
>> }
>> proposal 2 {
>> authentication-method pre-shared-keys;
>> authentication-algorithm md5;
>> encryption-algorithm 3des-cbc;
>> }
>> proposal 3 {
>> authentication-method pre-shared-keys;
>> authentication-algorithm md5;
>> encryption-algorithm aes-256-cbc;
>> }
>> proposal 4 {
>> authentication-method pre-shared-keys;
>> authentication-algorithm sha-256;
>> encryption-algorithm 3des-cbc;
>> }
>> proposal 5 {
>> authentication-method pre-shared-keys;
>> authentication-algorithm sha1;
>> encryption-algorithm aes-256-cbc;
>> }
>> policy ike_pol_lan_to_remote {
>> mode main;
>> proposals [ 1 2 3 4 5 ];
>> pre-shared-key ascii-text "xxx"; ## SECRET-DATA
>> }
>> gateway gw_lan_to_remote {
>> ike-policy ike_pol_lan_to_remote;
>> address x.y.w.z;
>> local-identity inet my.ip.add.res;
>> external-interface reth2.0;
>> }
>>
>> [...]
>>
>> root at srx210h-fw1# show ipsec
>> policy ipsec_pol_lan_to_remote {
>> proposal-set compatible;
>> }
>> vpn lan_to_remote {
>> bind-interface st0.0;
>> ike {
>> gateway gw_lan_to_remote;
>> ipsec-policy ipsec_pol_lan_to_remote;
>> }
>> establish-tunnels immediately;
>> }
>>
>>
>> In /var/log/kmd i found
>>
>> Jun 20 18:25:50 IKEv1 Error : Payload malformed
>> Jun 20 18:26:50 IKEv1 Error : Payload malformed
>> Jun 20 18:27:50 IKEv1 Error : Payload malformed
>> Jun 20 18:28:50 IKEv1 Error : Payload malformed
>> Jun 20 18:29:50 IKEv1 Error : Payload malformed
>> Jun 20 18:30:50 IKEv1 Error : Payload malformed
>> Jun 20 18:31:50 IKEv1 Error : Payload malformed
>>
>>
>>
>> Any help?
>>
>> Regards
>> bizza
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
>
--
bizza
http://www.rm-rf.eu/
More information about the juniper-nsp
mailing list