TechGuy_007

Configuring LAN to LAN VPN on Juniper ssg5-serial

I have a Juniper ssg5-serial at a remote medical office that needs to connect to the lab at the local hospital.  The hospital has provided me with all the pertinent information as far as Gateway/Phase1/Phase2/PSK/Host.

We are set up with a Comcast /29 with the first usable as our WAN static for the Juniper and the second static as the Management. The third usable is for our VPN connection.

According to the hospital IT department our resource of xxx.xxx.xxx6 is the server that the application that needs the access to the hospital runs on.  

These are the errors we are getting when attempting to create the tunnel:

2011-04-06 16:25:53 info IKE 12.148.43.77 Phase 2 msg ID 1b59ba5b: Negotiations have failed.
2011-04-06 16:25:53 info Rejected an IKE packet on ethernet0/0 from 12.148.43.77:500 to 173.13.31.57:500 with cookies b6c96f702be8ca7f and f61d098c11c0559d because The peer sent a proxy ID that did not match the one in the SA config.
2011-04-06 16:25:53 info IKE 12.148.43.77 Phase 2: No policy exists for the proxy ID received: local ID (173.13.31.59/255.255.255.255, 0, 0) remote ID (12.148.43.49/255.255.255.255, 0, 0).
2011-04-06 16:25:53 info IKE 12.148.43.77 Phase 2 msg ID 1b59ba5b: Responded to the peer's first message.
2011-04-06 16:25:49 info IKE 12.148.43.77 Phase 2 msg ID 1b59ba5b: Negotiations have failed.
2011-04-06 16:25:49 info Rejected an IKE packet on ethernet0/0 from 12.148.43.77:500 to 173.13.31.57:500 with cookies b6c96f702be8ca7f and f61d098c11c0559d because The peer sent a proxy ID that did not match the one in the SA config.
2011-04-06 16:25:49 info IKE 12.148.43.77 Phase 2: No policy exists for the proxy ID received: local ID (173.13.31.59/255.255.255.255, 0, 0) remote ID (12.148.43.49/255.255.255.255, 0, 0).
2011-04-06 16:25:49 info IKE 12.148.43.77 Phase 2 msg ID 1b59ba5b: Responded to the peer's first message.
2011-04-06 16:25:45 info IKE 12.148.43.77 Phase 2 msg ID 1b59ba5b: Negotiations have failed.
2011-04-06 16:25:45 info Rejected an IKE packet on ethernet0/0 from 12.148.43.77:500 to 173.13.31.57:500 with cookies b6c96f702be8ca7f and f61d098c11c0559d because The peer sent a proxy ID that did not match the one in the SA config.
2011-04-06 16:25:45 info IKE 12.148.43.77 Phase 2: No policy exists for the proxy ID received: local ID (173.13.31.59/255.255.255.255, 0, 0) remote ID (12.148.43.49/255.255.255.255, 0, 0).
2011-04-06 16:25:45 info IKE 12.148.43.77 Phase 2 msg ID 1b59ba5b: Responded to the peer's first message.
2011-04-06 16:25:41 info IKE 12.148.43.77 Phase 2 msg ID 1b59ba5b: Negotiations have failed.
2011-04-06 16:25:41 info Rejected an IKE packet on ethernet0/0 from 12.148.43.77:500 to 173.13.31.57:500 with cookies b6c96f702be8ca7f and f61d098c11c0559d because The peer sent a proxy ID that did not match the one in the SA config.
2011-04-06 16:25:41 info IKE 12.148.43.77 Phase 2: No policy exists for the proxy ID received: local ID (173.13.31.59/255.255.255.255, 0, 0) remote ID (12.148.43.49/255.255.255.255, 0, 0).
2011-04-06 16:25:41 info IKE 12.148.43.77 Phase 2 msg ID 1b59ba5b: Responded to the peer's first message.
2011-04-06 16:25:37 info IKE 12.148.43.77 Phase 2 msg ID 1b59ba5b: Negotiations have failed.
2011-04-06 16:25:37 info Rejected an IKE packet on ethernet0/0 from 12.148.43.77:500 to 173.13.31.57:500 with cookies b6c96f702be8ca7f and f61d098c11c0559d because The peer sent a proxy ID that did not match the one in the SA config.
2011-04-06 16:25:37 info IKE 12.148.43.77 Phase 2: No policy exists for the proxy ID received: local ID (173.13.31.59/255.255.255.255, 0, 0) remote ID (12.148.43.49/255.255.255.255, 0, 0).
2011-04-06 16:25:37 info IKE 12.148.43.77 Phase 2 msg ID 1b59ba5b: Responded to the peer's first message.
   
ASKER CERTIFIED SOLUTION
deimark
TechGuy_007

ASKER

I don't suppose there is a step by step on how to perform this fix?  
It's pretty much as easy as described above: Go into VPN > AutoKey IKE, and depending on your firmware release you need to click on "Proxy ID". If you can't see that, you are on a pre-6.3 firmware release, and need to go into "Edit", "Advanced". You now need to set the Proxy ID settings to
   Local ID: 12.148.34.49/24
   Remote ID: 173.13.31.59
   Service: Any
and that should be it. You might need to unbind your policy from the VPN first - you'll get an error message stating that then.
Couldn't have said it better hehe.

If you still have issues bud, let us know.
Don't you think I should get some of the points for explaining the how-to?
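
Added example (not part of the original thread): a small Python parser for the "No policy exists for the proxy ID received" events quoted in the question, which extracts the proxy ID exactly as the SSG logged it and lists the fields that differ from a configured one. The `CONFIGURED` values are a constructed illustration, not the asker's actual configuration, and the local/remote orientation is taken as the log prints it.

```python
import ipaddress
import re

# Two of the events quoted in the question (ScreenOS event log, copied verbatim).
SAMPLE_LOG = """\
2011-04-06 16:25:53 info IKE 12.148.43.77 Phase 2: No policy exists for the proxy ID received: local ID (173.13.31.59/255.255.255.255, 0, 0) remote ID (12.148.43.49/255.255.255.255, 0, 0).
2011-04-06 16:25:49 info IKE 12.148.43.77 Phase 2: No policy exists for the proxy ID received: local ID (173.13.31.59/255.255.255.255, 0, 0) remote ID (12.148.43.49/255.255.255.255, 0, 0).
"""

_SEL = r"\((?P<{0}_net>[\d.]+/[\d.]+), (?P<{0}_proto>\d+), (?P<{0}_port>\d+)\)"  # (net/mask, proto, port)
PROXY_RE = re.compile(
    r"IKE (?P<peer>\S+) Phase 2: No policy exists for the proxy ID received: "
    r"local ID " + _SEL.format("l") + r" remote ID " + _SEL.format("r")
)

def received_proxy_ids(log_text):
    """Return each distinct proxy ID the log reports, in first-seen order."""
    found = []
    for m in PROXY_RE.finditer(log_text):
        pid = {
            "peer": m["peer"],
            "local": ipaddress.ip_network(m["l_net"]),    # dotted netmask -> prefix length
            "remote": ipaddress.ip_network(m["r_net"]),
            "service": (int(m["l_proto"]), int(m["l_port"])),  # (0, 0) is logged for "any"
        }
        if pid not in found:  # retries repeat the same event every few seconds
            found.append(pid)
    return found

def mismatches(configured, received):
    """Name every field where the configured proxy ID differs from the logged one."""
    return [
        f"{k}: configured {configured[k]}, peer sent {received[k]}"
        for k in ("local", "remote", "service")
        if configured[k] != received[k]
    ]

# Constructed example: a tunnel whose Local ID was entered as the whole /29.
CONFIGURED = {
    "local": ipaddress.ip_network("173.13.31.56/29"),
    "remote": ipaddress.ip_network("12.148.43.49/32"),
    "service": (0, 0),
}

if __name__ == "__main__":
    for pid in received_proxy_ids(SAMPLE_LOG):
        print(pid["peer"], pid["local"], pid["remote"], pid["service"])
        for line in mismatches(CONFIGURED, pid):
            print("  MISMATCH", line)
```
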