[j-nsp] Site-To-Site VPN woes again

Mike Devlin mikecdevlin at gmail.com
Fri May 2 11:07:32 EDT 2014


config please


On Fri, May 2, 2014 at 9:33 AM, Mattias Gyllenvarg <mattias at gyllenvarg.se>wrote:

> Hi All
>
> I have been cracking my skull on this one for a while now and I am not
> getting anywhere I want to go. So, here is a nut for anyone proficient in
> Site-To-Site VPN with PKI and Distinguished names on SRX.
>
> TLDR; New installation of a setup I already have working on a global scale.
> Only difference in HW is a SRX210HE2 as HUB compared to a 240 in the
> working installation.
> Error is NO proposal chosen. I get this even if I try it with static IPs
> and PSK.
> Junos is  [12.1X44-D20.3]
> Waiting to try [12.1X44-D30.4] but I dont have it yet.
>
> So, I have double checked the proposals (they come from a template) many
> times.
> Removed and reapplied all security config. Reloaded and so on.
> st0.0 is in trusted and all policies are in place.
>
> Can't find a known bug or deeper troubleshooting help then check your
> proposals, for this error.
>
> --
> *Best Regards*
> *Mattias Gyllenvarg*
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list