[strongSwan] phase 2 failing - Juniper Netscreen ISG 2000

Roland RoLaNd r_o_l_a_n_d at hotmail.com
Mon May 19 16:59:24 CEST 2014


Thank you for your prompt reply.
And you're correct, I apologize, I am actually using strongSwan.
I am a bit reluctant to upgrade to the latest version as I have other tunnels up and running which are critical and cannot endure downtime, though I do have the upgrade task in my backlog.
As for Juniper logs, this keeps reoccurring every time I try to initiate the tunnel:

2014-05-19 16:48:40 system info 00536 IKE $MyNattedPublicIp Phase 2 msg ID 6f4e415f: Negotiations have failed.
2014-05-19 16:48:40 system info 00536 IKE $MyNattedPublicIp Phase 2: No policy exists for the proxy ID received: local ID (10.100.241.50/255.255.255.255, 0, 0) remote ID ($MyNattedPublicIp/255.255.255.255, 0, 0).
2014-05-19 16:48:40 system info 00536 IKE $MyNattedPublicIp Phase 2 msg ID 6f4e415f: Responded to the peer's first message.
2014-05-19 16:48:40 system info 00536 IKE $MyNattedPublicIp Phase 2 msg ID 6b66d5c9: Negotiations have failed.
2014-05-19 16:48:40 system info 00536 IKE $MyNattedPublicIp Phase 2 msg ID 6b66d5c9: Responded to the peer's first message.



> Subject: Re: [strongSwan] phase 2 failing - Juniper Netscreen ISG 2000
> From: martin at strongswan.org
> To: r_o_l_a_n_d at hotmail.com
> CC: users at lists.strongswan.org
> Date: Mon, 19 May 2014 16:46:45 +0200
> 
> Hi Roland,
> 
> > this is my first time configuring openswan with juniper, all my other
> > configs were with cisco (which are currently working) something wrong
> > with configuration which is preventing me from establishing the
> > tunnel.
> 
> This is the user mailing list of the strongSwan project, which these
> days is completely different from openswan. If you need help with
> openswan related issues, you should ask on their mailing list.
> 
> If you are actually using strongSwan, I recommend to try using a newer
> 5.x release, which comes with a new unified implementation for IKEv1 and
> IKEv2 (no pluto anymore).
> 
> > 117 "some_dst/0x2" #21: STATE_QUICK_I1: initiate
> > 010 "some_dst/0x2" #21: STATE_QUICK_I1: retransmission; will wait 20s for response
> > 010 "some_dst/0x1" #20: STATE_QUICK_I1: retransmission; will wait 20s for response
> 
> Obviously your Juniper box does not reply to the Quick Mode exchange.
> Maybe you find some more information in the Juniper log?
> 
> Regards
> Martin
> 
> 
 		 	   		  