Cisco Support Community

Cisco IPSEC IKEV2 and Juniper / Netscreen Interoperability Issues

Problem Overview

Juniper / Netscreen devices may not correctly handle multiple IPsec proposals sent to them when IKEv2 (IKE version 2) is used for a static LAN-to-LAN IPsec VPN tunnel.

Symptom

The IKEv2 and IPsec tunnels come up successfully, but data will NOT flow.

Condition

The problem is seen when the Cisco device initiates the IKEv2 connection, but not when the Juniper device initiates it.

Workaround

1) The current workaround is to configure only a single IPsec proposal on the Cisco device for the static crypto map that points to the Juniper peer.

2) The other workaround is to order the proposals on the Cisco device so that the last proposal is the one that matches the Juniper peer.
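
An added example (not from the original article) that checks a configuration against both workarounds. It assumes ASA-style `crypto map ... set ikev2 ipsec-proposal` syntax; the map name, proposal names, addresses and the `audit` helper are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in ASA-style syntax (assumed platform; names and addresses are made up).
SAMPLE_CONFIG = """\
crypto ipsec ikev2 ipsec-proposal AES256-SHA
 protocol esp encryption aes-256
 protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal AES128-SHA
 protocol esp encryption aes
 protocol esp integrity sha-1
crypto map OUTSIDE_MAP 10 match address VPN-JUNIPER
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set ikev2 ipsec-proposal AES256-SHA AES128-SHA
crypto map OUTSIDE_MAP 20 match address VPN-OTHER
crypto map OUTSIDE_MAP 20 set peer 198.51.100.7
crypto map OUTSIDE_MAP 20 set ikev2 ipsec-proposal AES256-SHA
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) set (peer|ikev2 ipsec-proposal) (.+)$")

def audit(config, juniper_peers, agreed=None):
    """Flag Juniper-facing entries; agreed maps peer IP to the proposal the Juniper accepts."""
    entries = defaultdict(lambda: {"peers": [], "proposals": []})
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        name, seq, kind, rest = m.groups()
        key = "peers" if kind == "peer" else "proposals"
        entries[(name, int(seq))][key].extend(rest.split())
    findings = []
    for (name, seq), e in sorted(entries.items()):
        for peer in e["peers"]:
            if peer not in juniper_peers or len(e["proposals"]) <= 1:
                continue  # not a Juniper peer, or workaround 1 already satisfied
            want = (agreed or {}).get(peer)
            if want is not None and e["proposals"][-1] == want:
                status = "multiple proposals, matching one is last (workaround 2)"
            else:
                status = "multiple proposals, reduce to one or put the matching one last"
            findings.append((name, seq, peer, tuple(e["proposals"]), status))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG, {"203.0.113.10"}, {"203.0.113.10": "AES256-SHA"}):
        print(f)
```
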

Version history
Revision #: 2 of 2
Last update: 08-23-2017 11:27 PM