Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Site to Site Cisco 7140 VPN router to Juniper Netscreen 2006

We been having problems connecting site to site from a 7140 vpn router to Juniper Netscreens appliances. The tunnel looks like its up but I'm getting Phase 2 errors. Connecition are one sided and occasionnaly the Netscreen on the other end has to be rebooted to bring up the IPSEC tunnel with 3des and md5.

Anything special about setting up reliable IPSEC tunnels from a 7140 router to a Juniper netscreen 2006?


Re: Site to Site Cisco 7140 VPN router to Juniper Netscreen 2006

Configure the Internet Key Exchange (IKE) proposal on both devices.

1.Configure the IPSec parameters on both devices.

2.Specify network ranges on both devices for passing traffic across the proposed tunnel.

3.Once the tunnel has been configured, attempt to pass traffic from a workstation on one side of the connection to a workstation on the other side of the connection.

4.If you are able to ping, the tunnel is functioning properly.

5.If you are not able to ping, issue the show crypto isakmp sa and show crypto ipsec sa commands on the PIX Firewall. This determines the state of the connection.

6.If the show crypto isakmp sa status shows anything other than QM_IDLE, phase 1 (Internet Security Association and Key Management Protocol [ISAKMP]) has not properly negotiated and should be examined

CreatePlease to create content