Solved

Site-to-Site VPN problem between two Junipers

Posted on 2014-07-31
9
390 Views
Last Modified: 2014-08-05
Hi,

I'd like set the site to site VPN between Juniper NetScreen-5GT and Juniper SRX220. I setted both devices but the VPN not working and I see error messages in the Event Log on NetScreen-5GT.

The message is:
Rejected an IKE packet on untrust from Partner1 to LocalIP with cookies cookie1 and cookie2 because Phase 1 negotiations failed. (The preshared keys might not match.).

I tried use this proposals pre-g2-3des-sha1, pre-g2-3des-md5, pre-g2-aes128-md5, pre-g2-aes128-sha1. I don't know whats the problem. I changed the preshared key several times in both devices, so I think the problem is not password problem.

Can you help me this problem?
0
Comment
Question by:Cook77
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 1

Expert Comment

by:WEHA
ID: 40231456
Are the vpn profile names the same on both sides?
0
 

Author Comment

by:Cook77
ID: 40231524
No, different. The vpn profile name is only the label or not?
0
 
LVL 93

Accepted Solution

by:
John Hurst earned 500 total points
ID: 40231615
Phase 1 fails normally because a connection cannot be made. It has not gotten to Pre Shared Key (Phase 2).

Make sure the IP addresses external and internal at both ends are the same. Make sure you are using IP Subnet on both ends and that the Subnet mask is correct.

Make sure the subnets at both ends are different. They cannot be the same.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 19

Expert Comment

by:Kash
ID: 40231678
make sure you have phases set up right and passwords ok as well.

are both junipers same model ?
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 40231686
You can connect two different Juniper machines and connect Juniper with Cisco.

@Cook77 - concentrate on Phase 1 before Phase 2. You need to connect first.
0
 
LVL 19

Expert Comment

by:Kash
ID: 40231691
@John, i know that if you are commenting on my comments, I was just asking the OP.
0
 

Author Closing Comment

by:Cook77
ID: 40238677
The problem is solved.

The local and remote site IP range was replaced.
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 40238778
@Cook77  - Thanks for the update and I was happy to help.
0
 

Author Comment

by:Cook77
ID: 40241224
Thank you for your help.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IPMI Cipher Zero vulnerability on server 2012? 1 58
Virus .zepto files 10 86
Security Permissions Issues 10 77
Login into my PC 5 39
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question