I'm trying to build a tunnel between our ASA 5510 and the service provider's Juniper Netscreen.
The IKE phase 1 tunnel works fine, but the IPsec phase 2 tunnel doesn't. Based on logs on both sides, it seems that the problem is in the proxy-id configurations, so the protected networks don't match. I have tried to do everything I understand on the ASA, but can't get it to work. Could someone help me with what else could be the problem? Are there any known issues between ASA and Netscreen? The SP points to me and says that I have to configure the proxy-ids correctly.
The SP said that they have configured the following networks on the Netscreen proxy-id (route based):
I attach my ASA configuration related to tunnel. Below you can see the log messages from ASA and Netscreen.
Thanks in advance,
ASA log -->
asa5510# Mar 24 10:57:58 [IKEv1]: Group = Netscreen_IP, IP = Netscreen_IP,
QM FSM error (P2 struct &0xd8cfcf80, mess id 0x50bcdd6b)!
Mar 24 10:57:58 [IKEv1]: Group = Netscreen_IP, IP = Netscreen_IP, construc
Mar 24 10:57:58 [IKEv1]: Group = Netscreen_IP, IP = Netscreen_IP, Removing
peer from correlator table failed, no match!
IKE ASA_IP Phase 2: No policy exists for the proxy ID received: local ID (ASA_IP/255.255.255.255, 0, 0) remote ID (ASA_IP/255.255.255.255, 0, 0)