[j-nsp] SRX to vshield lan2lan
Ben Dale
bdale at comlinx.com.au
Thu Jun 20 19:20:05 EDT 2013
Hi Klaus,
I just had a quick peek in the vShield manual - it looks like it only supports IKEv2, so you'll need to add the following line to your config:
set security ike gateway gw_lan_to_remote version v2-only
Ben
On 21/06/2013, at 4:35 AM, klauzi <klauzi at gmail.com> wrote:
> Just wanted to double check that the interface is assigned to a zone at
> least.
>
> Did you try to enable the traceoptions under security ike to get more
> information? The best way is for you to be the responder in the IKE negotiation.
> Make sure that the other side initiates the IKE traffic.
>
> There is a document regarding VPN troubleshooting:
> Search for: JSeries_SRXSeries_Route-based_VPN_to_ScreenOS_v13.pdf
>
> edit security ike traceoptions
> set file size 1m
> set flag policy-manager
> set flag ike
> set flag routing-socket
> commit
>
> Regards,
>
> Klaus
>
>
> On Thu, Jun 20, 2013 at 6:58 PM, bizza <bizzam at gmail.com> wrote:
>
>> Actually it is assigned to the WAN zone. Should I put it in LAN (where policies
>> and other stuff are)?
>>
>> Regards
>> bizza
>>
>>
>> On Thu, Jun 20, 2013 at 6:54 PM, Klaus Groeger <klauzi at gmail.com> wrote:
>>
>>> Did you assign the st0.x interface to a zone?
>>>
>>>
>>>
>>
>>
>> --
>> bizza
>> http://www.rm-rf.eu/
>>
>
>
>
> --
> nil extimescere
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>