[j-nsp] Site-To-Site VPN woes again

Mike Devlin mikecdevlin at gmail.com
Tue May 6 08:35:45 EDT 2014


Are you using the local-address config line under edit security ike gateway blah?


On Tue, May 6, 2014 at 8:24 AM, Mattias Gyllenvarg <mattias at gyllenvarg.se> wrote:

> Turns out the HUB node can not use a "secondary" IP as the Gateway
> IP for the IPsec termination.
> This works on SRX240 in a very similar installation. But not on the
> SRX210HE2 in this installation.
>
> //Mattias Gyllenvarg
>
>
> On Fri, May 2, 2014 at 5:07 PM, Mike Devlin <mikecdevlin at gmail.com> wrote:
>
>> config please
>>
>>
>> On Fri, May 2, 2014 at 9:33 AM, Mattias Gyllenvarg <mattias at gyllenvarg.se> wrote:
>>
>>> Hi All
>>>
>>> I have been cracking my skull on this one for a while now and I am not
>>> getting anywhere I want to go. So, here is a nut for anyone proficient in
>>> Site-To-Site VPN with PKI and Distinguished names on SRX.
>>>
>>> TLDR; New installation of a setup I already have working on a global
>>> scale.
>>> Only difference in HW is an SRX210HE2 as HUB compared to a 240 in the
>>> working installation.
>>> Error is NO proposal chosen. I get this even if I try it with static IPs
>>> and PSK.
>>> Junos is [12.1X44-D20.3]
>>> Waiting to try [12.1X44-D30.4] but I don't have it yet.
>>>
>>> So, I have double checked the proposals (they come from a template) many
>>> times.
>>> Removed and reapplied all security config. Reloaded and so on.
>>> st0.0 is in trusted and all policies are in place.
>>>
>>> Can't find a known bug or deeper troubleshooting help than check your
>>> proposals, for this error.
>>>
>>> --
>>> *Best Regards*
>>> *Mattias Gyllenvarg*
>>>
>>
>>
>
>
> --
> *Med Vänliga Hälsningar / Best Regards*
> *Mattias Gyllenvarg*
>

