isr1800 L2L ipsec tunnel with Netscreen ISG2000

May 5th, 2008

Hi all!

I have a problem setting up an IPsec tunnel between an 1811 ISR router and a Netscreen ISG2000 device.

After Phase 1 completes successfully, an error appears, and I cannot understand where it comes from.

*May 5 23:27:25.694 EET: ISAKMP:(2921):Need config/address

*May 5 23:27:25.694 EET: ISAKMP: set new node -745013984 to CONF_ADDR

*May 5 23:27:25.694 EET: ISAKMP:(2921):No IP address pool defined for ISAKMP!

*May 5 23:27:25.694 EET: ISAKMP:(2921):peer does not do paranoid keepalives.

*May 5 23:27:25.694 EET: ISAKMP:(2921):deleting SA reason "Fail to allocate ip address" state (R) CONF_ADDR (peer zz.yy.xx.vv)

*May 5 23:27:25.694 EET: ISAKMP:(2921):deleting node -745013984 error FALSE reason "No Error"

*May 5 23:27:25.694 EET: ISAKMP:(2921):peer does not do paranoid keepalives.

I have tried different ISAKMP/IPsec parameters, and I also changed the IOS, but nothing changed. Did anybody have experience with this error message?

Any help would be appreciated.

Netscreen: ScreenOS5.4

ISR1811: 12.4(15)T4

oszkari Sat, 05/17/2008 - 06:26

Problem solved.

There is a well-known incompatibility issue with third-party IPsec clients (problem description: CSCsh20354).

I removed the Easy VPN server from the Cisco and everything started to work.

But I can't figure out why the Juniper equipment was treated like an Easy VPN client.
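
Added example, not part of the original thread: a small Python parser that groups `debug crypto isakmp` output by SA id and reports any SA torn down in the CONF_ADDR state, which is the signature of a site-to-site peer being handled as a client that needs an address. The function name and the extra line for SA 2922 are constructed for illustration; the other sample lines are the ones quoted in the question.

```python
import re
from collections import defaultdict

# Constructed sample: debug lines quoted in the question, plus one made-up
# line for an unrelated SA (2922) to show that grouping is per SA id.
SAMPLE = """\
*May 5 23:27:25.694 EET: ISAKMP:(2921):Need config/address
*May 5 23:27:25.694 EET: ISAKMP: set new node -745013984 to CONF_ADDR
*May 5 23:27:25.694 EET: ISAKMP:(2921):No IP address pool defined for ISAKMP!
*May 5 23:27:25.694 EET: ISAKMP:(2921):peer does not do paranoid keepalives.
*May 5 23:27:25.694 EET: ISAKMP:(2921):deleting SA reason "Fail to allocate ip address" state (R) CONF_ADDR (peer zz.yy.xx.vv)
*May 5 23:27:26.100 EET: ISAKMP:(2922):peer does not do paranoid keepalives.
"""

# "ISAKMP:(<sa id>):<message>" - lines without an SA id are skipped.
LINE = re.compile(r"ISAKMP:\((\d+)\):(.*)$")
# 'deleting SA reason "<reason>" state (<flag>) <state> (peer <addr>)'
DELETE = re.compile(r'deleting SA reason "([^"]*)" state \((\w)\) (\S+) \(peer (\S+)\)')


def find_mode_config_failures(text):
    """Return one finding per SA that was deleted while in CONF_ADDR."""
    events = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.search(raw.strip())
        if m:
            events[m.group(1)].append(m.group(2).strip())

    findings = []
    for sa_id, msgs in events.items():
        for msg in msgs:
            d = DELETE.search(msg)
            if d and d.group(3) == "CONF_ADDR":
                findings.append({
                    "sa": sa_id,
                    "peer": d.group(4),
                    "reason": d.group(1),
                    "flag": d.group(2),  # (R)/(I) flag exactly as printed
                    "need_config_address": any(
                        x.startswith("Need config/address") for x in msgs),
                    "no_pool": any(
                        "No IP address pool defined" in x for x in msgs),
                })
    return findings


if __name__ == "__main__":
    for finding in find_mode_config_failures(SAMPLE):
        print(finding)
```

A finding for a peer that is supposed to be a LAN-to-LAN gateway points at the situation described in this thread rather than at a Phase 1 proposal mismatch.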

