[j-nsp] SRX to vshield lan2lan

Klaus Groeger klauzi at gmail.com
Thu Jun 20 12:47:44 EDT 2013


Hi


Usually it's the mismatching PSK which generates this message.



Klaus


On Thu, Jun 20, 2013 at 6:39 PM, bizza <bizzam at gmail.com> wrote:

> Hi all,
> has anyone set up a LAN-to-LAN IPsec VPN between Juniper SRX and VMware
> vShield?
> I tried various configurations, but I still have some problems.
> [...]
> root@srx210h-fw1# show ike
> proposal 1 {
>     authentication-method pre-shared-keys;
>     authentication-algorithm sha-256;
>     encryption-algorithm aes-256-cbc;
> }
> proposal 2 {
>     authentication-method pre-shared-keys;
>     authentication-algorithm md5;
>     encryption-algorithm 3des-cbc;
> }
> proposal 3 {
>     authentication-method pre-shared-keys;
>     authentication-algorithm md5;
>     encryption-algorithm aes-256-cbc;
> }
> proposal 4 {
>     authentication-method pre-shared-keys;
>     authentication-algorithm sha-256;
>     encryption-algorithm 3des-cbc;
> }
> proposal 5 {
>     authentication-method pre-shared-keys;
>     authentication-algorithm sha1;
>     encryption-algorithm aes-256-cbc;
> }
> policy ike_pol_lan_to_remote {
>     mode main;
>     proposals [ 1 2 3 4 5 ];
>     pre-shared-key ascii-text "xxx"; ## SECRET-DATA
> }
> gateway gw_lan_to_remote {
>     ike-policy ike_pol_lan_to_remote;
>     address x.y.w.z;
>     local-identity inet my.ip.add.res;
>     external-interface reth2.0;
> }
> [...]
> root@srx210h-fw1# show ipsec
> policy ipsec_pol_lan_to_remote {
>     proposal-set compatible;
> }
> vpn lan_to_remote {
>     bind-interface st0.0;
>     ike {
>         gateway gw_lan_to_remote;
>         ipsec-policy ipsec_pol_lan_to_remote;
>     }
>     establish-tunnels immediately;
> }
> In /var/log/kmd I found:
> Jun 20 18:25:50   IKEv1 Error : Payload malformed
> Jun 20 18:26:50   IKEv1 Error : Payload malformed
> Jun 20 18:27:50   IKEv1 Error : Payload malformed
> Jun 20 18:28:50   IKEv1 Error : Payload malformed
> Jun 20 18:29:50   IKEv1 Error : Payload malformed
> Jun 20 18:30:50   IKEv1 Error : Payload malformed
> Jun 20 18:31:50   IKEv1 Error : Payload malformed
> Any help?
> Regards
> bizza


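Why a wrong PSK can surface as a payload error rather than an authentication error in IKEv1 main mode, as an added example that is not part of the original thread: per RFC 2409 the pre-shared key feeds SKEYID, the key that encrypts message 5 is derived from it, and a peer holding a different key decrypts garbage that fails header parsing. The nonces, cookies, DH secret and hash bytes are constructed, and an HMAC keystream stands in for the negotiated CBC cipher.

```python
import hashlib, hmac, struct

def prf(key, data):
    # IKEv1 prf = HMAC of the negotiated hash (sha-256, as in proposal 1 above)
    return hmac.new(key, data, hashlib.sha256).digest()

def skeyid_e(psk, ni, nr, gxy, cky_i, cky_r):
    # RFC 2409 section 5: with pre-shared keys, SKEYID = prf(PSK, Ni_b | Nr_b)
    skeyid = prf(psk, ni + nr)
    ctx = gxy + cky_i + cky_r
    d = prf(skeyid, ctx + b"\x00")
    a = prf(skeyid, d + ctx + b"\x01")
    return prf(skeyid, a + ctx + b"\x02")  # keys the encryption of messages 5 and 6

def stream_xor(key, data):
    # Assumption: HMAC keystream standing in for the negotiated CBC cipher
    stream = b"".join(prf(key, struct.pack(">I", i)) for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, stream))

def parse_payloads(buf, first_type):
    # Walk ISAKMP generic payload headers: next payload (1), reserved (1), length (2)
    types, nxt, off = [], first_type, 0
    while nxt != 0:
        if off + 4 > len(buf):
            raise ValueError("Payload malformed")
        following, reserved, length = struct.unpack_from(">BBH", buf, off)
        if reserved != 0 or length < 4 or off + length > len(buf):
            raise ValueError("Payload malformed")
        types.append(nxt)
        nxt, off = following, off + length
    return types

def responder_view(initiator_psk, responder_psk):
    # Constructed exchange values (not taken from the thread)
    ni, nr, gxy = b"Ni" * 8, b"Nr" * 8, b"\x42" * 128
    cky_i, cky_r = b"I" * 8, b"R" * 8
    # Message 5 body: ID payload (type 5, IPv4 192.0.2.1) then HASH payload (type 8)
    ident = struct.pack(">BBHBBH4s", 8, 0, 12, 1, 0, 0, bytes([192, 0, 2, 1]))
    hash_i = struct.pack(">BBH", 0, 0, 36) + b"\xaa" * 32  # placeholder hash bytes
    wire = stream_xor(skeyid_e(initiator_psk, ni, nr, gxy, cky_i, cky_r), ident + hash_i)
    clear = stream_xor(skeyid_e(responder_psk, ni, nr, gxy, cky_i, cky_r), wire)
    try:
        return parse_payloads(clear, first_type=5)
    except ValueError as err:
        return str(err)

if __name__ == "__main__":
    print(responder_view(b"same-key", b"same-key"))
    print(responder_view(b"same-key", b"other-key"))
```

With matching keys the responder recovers the ID and HASH payloads; with differing keys the first decrypted header already fails the reserved-byte and length checks.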