[j-nsp] SRX to vshield lan2lan

klauzi klauzi at gmail.com
Thu Jun 20 14:35:06 EDT 2013


Just wanted to double check that the interface is assigned to a zone at
least.

Did you try to enable the traceoptions under security ike to get more
information? Best way is, that you are the responder in ike negotiation.
Make sure that the other side initiates the ike traffic

There is a document regarding vpn troubleshoooting:
Search for: JSeries_SRXSeries_Route-based_VPN_to_ScreenOS_v13.pdf

edit security ike traceoptions
set file size 1m
set flag policy-manager
set flag ike
set flag routing-socket
commit

Regards,

Klaus


On Thu, Jun 20, 2013 at 6:58 PM, bizza <bizzam at gmail.com> wrote:

> Actually is assigned to WAN zone. Should I put it in LAN (where policies
> and other stuffs are)?
>
> Regards
> bizza
>
>
> On Thu, Jun 20, 2013 at 6:54 PM, Klaus Groeger <klauzi at gmail.com> wrote:
>
>> Did you assign the st0.x interface to a zone?
>>
>>
>>
>
>
> --
> bizza
> http://www.rm-rf.eu/
>



-- 
nil extimescere


More information about the juniper-nsp mailing list