[j-nsp] SRX to vshield lan2lan
klauzi
klauzi at gmail.com
Thu Jun 20 14:35:06 EDT 2013
Just wanted to double check that the interface is assigned to a zone at
least.
Did you try to enable the traceoptions under security ike to get more
information? Best way is, that you are the responder in ike negotiation.
Make sure that the other side initiates the ike traffic
There is a document regarding vpn troubleshoooting:
Search for: JSeries_SRXSeries_Route-based_VPN_to_ScreenOS_v13.pdf
edit security ike traceoptions
set file size 1m
set flag policy-manager
set flag ike
set flag routing-socket
commit
Regards,
Klaus
On Thu, Jun 20, 2013 at 6:58 PM, bizza <bizzam at gmail.com> wrote:
> Actually is assigned to WAN zone. Should I put it in LAN (where policies
> and other stuffs are)?
>
> Regards
> bizza
>
>
> On Thu, Jun 20, 2013 at 6:54 PM, Klaus Groeger <klauzi at gmail.com> wrote:
>
>> Did you assign the st0.x interface to a zone?
>>
>>
>>
>
>
> --
> bizza
> http://www.rm-rf.eu/
>
--
nil extimescere
More information about the juniper-nsp
mailing list