• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1652
  • Last Modified:

ipsec tunnel

Hi
My customer use juniper ssg 140 and our office use fortigate 110c .I use encryption 3des both site . But I got problem tunnel.I checked fortigate log show phrase 2 error.
Do u have simple config for ssg140 ipsec ?
I am not familiar with ssh

B.rgds
0
mgzawmyomin
Asked:
mgzawmyomin
  • 4
  • 3
  • 2
  • +1
2 Solutions
 
NetExpert-WarszawaCommented:
Are you sure you use 3DES for phase 2? Maybe you looked into phase 1?

Other parameters (authentication, PFS) must be matching too.

Could you paste the error here please?
0
 
mgzawmyominAuthor Commented:
Hi Expert ,

I troubleshoot only on fortigate site .I don't have skill on juniper . If you can provide simple guide for setup ipsec on ssg140? If u have step by step guide will be more easier for me thank

B.rgds
0
 
Ernie BeekCommented:
Have a look at: http://www.juniper.net/techpubs/en_US/release-independent/screenos/information-products/pathway-pages/screenos/product/index.html

Lots to be found there.

Phase 2 errors could be caused by a configuration mismatch. Check if the proposals are the same on both side (des/3des/etc.).
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
mgzawmyominAuthor Commented:
Hi expert

May I have some snapshot step by step guide
Available ? Knowledge base guide is too confuse for me because I just see juniper interface today

B.rgds
0
 
NetExpert_plCommented:
See here http://kb.juniper.net/InfoCenter/index?page=content&id=KB8554

Could you copy and paste here the part of the log with error anyway?
0
 
Ernie BeekCommented:
You could try this: http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_ce_VPN.pdf
which shows guides for the various site2site setup (this link is for 6.3.0, don't know what version you have?)

I don't have a 140 over here so I can't create a step by step myself :-~
0
 
mgzawmyominAuthor Commented:
Hi

What is different between routing.ipsec or policybase ?what should I use ? For my case which method can use ?

B.rgds
0
 
NetExpert_plCommented:
0
 
Ernie BeekCommented:
Keep in mind that if you're going to change the method, you'll have to change the configurations on both ends (duh :)
Since you allready set things up it might be easier to see if you can change the phase 2 settings so they match at both ends (if that was the issue of course).
0
 
mgzawmyominAuthor Commented:
Hi Experts,

Thank you for your advise , Finally i manage to tunnel my ipsec up  after upgrade my fortigate
110c firmware to version 4.0 MR1 patch 1 to Version 4.0 MR3 Patch 5 , Tunnel up without changing any setting . Say again thank you

B.rgds
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now