Refer to ScreenOS manual "Dial-up VPN / Dial-up / Policy based dial-up VPN, AutoKey IKE".

Modify matching bidirectional VPN policy: select.

source / dest addr: set up as needed (note: use source / destination of the encapsulated traffic, i.e.

Route: just setting default gateway in normal way, routing for VPN is not required in this policy based setting done already.

Guess what happened here: proxy ID is something in the standard but can be implemented differently. I cannot find a racoon configuration directive to set it, then racoon simply used its end IP (private) and sent it over NAT to ScreenOS. ScreenOS identifies Ubuntu by its public IP, hence the mismatch and the requirement for this manual setting.

Without this proxy ID setting the connection will fail and ScreenOS complains "info Rejected an IKE packet on ethernet0/0 from 180.1.1.1:4500 to 200.1.1.1:4500 with cookies xxxxxxxxxx and xxxxxxxxxx because The peer sent a proxy ID that did not match the one in the SA config." and "IKE 180.1.1.1 Phase 2 msg ID xxxxx: Negotiations have failed.".

It seems "proxy ID" is what Juniper calls it and I'm not quite sure what it really is. Anyway, it's used in phase 2 to identify the tunnel, as multiple tunnels may exist between two ends. Without manual configuration, proxy ID could simply be a combination of local address/remote address/service.

Security level: standard (refer to manual, standard means g2-esp-3des-sha and g2-esp-aes128-sha).

Security level: custom, pre-g2-3des-sha.

If the initiator's IP matches this configured address, but the address in the "my_identifier address" directive in nf does not match up, the log shows "Rejected an IKE packet on ethernet0/0 from :4500 to :4500 with cookies xxxxxxxxxxxxx and xxxxxxxxxxxxxxxx because Phase-1: no user configuration was found for the received IKE ID type: IP Address,1.".

If the initiator's IP does not match this configured address, the log shows "Rejected an IKE packet on ethernet0/0 from :500 to :500 with cookies xxxxxxxxxxxxxxx and xxxxxxxxxxxx because There were no acceptable Phase 1 proposals.".
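The three rejection messages above each point to a different misconfiguration, so a small triage script over the ScreenOS event log saves guessing. This is an added example, not code from the original post: the cause mapping follows the post's own observations, while the cookie values, msg ID, function names and the NAT-T flag (UDP 4500) are assumptions made for illustration.

```python
import re

# Shape of the ScreenOS rejection event quoted in the post.
REJECT = re.compile(
    r"Rejected an IKE packet on (?P<iface>\S+) from (?P<src>[\d.]+):(?P<sport>\d+)"
    r" to (?P<dst>[\d.]+):(?P<dport>\d+) with cookies \S+ and \S+"
    r" because (?P<reason>.+)"
)

# Reason fragment -> (IKE phase, cause as the post describes it).
CAUSES = [
    ("proxy ID that did not match", 2,
     "proxy ID mismatch: set the proxy ID manually on the ScreenOS side"),
    ("no user configuration was found for the received IKE ID", 1,
     "racoon my_identifier address does not match the configured address"),
    ("no acceptable Phase 1 proposals", 1,
     "initiator IP does not match the configured address"),
]

def triage(lines):
    """Return one finding per rejected IKE packet in `lines`."""
    findings = []
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue  # e.g. the "Phase 2 ... Negotiations have failed" line
        reason = m["reason"].strip().rstrip(".")
        phase, cause = next(
            ((p, c) for frag, p, c in CAUSES if frag in reason),
            (None, "unrecognised reason"),
        )
        findings.append({
            "peer": m["src"],
            "nat_t": "4500" in (m["sport"], m["dport"]),  # UDP 4500 = NAT-T in use
            "phase": phase, "cause": cause, "reason": reason,
        })
    return findings

# Constructed sample: the post's messages with placeholder cookies and msg ID.
_FMT = ("info Rejected an IKE packet on ethernet0/0 from 180.1.1.1:{p} "
        "to 200.1.1.1:{p} with cookies 0a0a and 0b0b because {r}")
SAMPLE = [
    _FMT.format(p=4500, r="The peer sent a proxy ID that did not match the one in the SA config."),
    "IKE 180.1.1.1 Phase 2 msg ID 1234: Negotiations have failed.",
    _FMT.format(p=4500, r="Phase-1: no user configuration was found for the received IKE ID type: IP Address,1."),
    _FMT.format(p=500, r="There were no acceptable Phase 1 proposals."),
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```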