I'm trying to set up an L2L VPN with a Cisco ASA 5510 and a Juniper Netscreen Firewall. I can't find any recent documentation regarding this setup. I'm receiving some error messages from the ASDM, which are below:
4 Jun 25 2007 14:32:54 713903 Group = 184.108.40.206, IP = 220.127.116.11, Freeing previously allocated memory for authorization-dn-attributes
3 Jun 25 2007 14:32:54 713119 Group = 18.104.22.168, IP = 22.214.171.124, PHASE 1 COMPLETED
3 Jun 25 2007 14:32:54 713122 IP = 126.96.36.199, Keep-alives configured on but peer does not support keep-alives (type = None)
5 Jun 25 2007 14:32:54 713904 Group = 188.8.131.52, IP = 184.108.40.206, All IPSec SA proposals found unacceptable!
3 Jun 25 2007 14:32:54 713902 Group = 220.127.116.11, IP = 18.104.22.168, QM FSM error (P2 struct &0x4274390, mess id 0x10055b4)!
3 Jun 25 2007 14:32:54 713902 Group = 22.214.171.124, IP = 126.96.36.199, Removing peer from correlator table failed, no match!
The VPN config is provided. Anything stand out? Or anyone else get this to work? Any comments welcome.
Are you sure that the IPSEC configuration on both devices matches perfectly? Your "PHASE 1 COMPLETED" implies that your ISAKMP tunnel is created, so that moves you past ISAKMP, and it says that your IPSEC proposal is bad. On your ASA you have it set up for ESP-3DES ESP-MD5-HMAC, and you also have PFS Group 2 on, so make sure you have that set up on your NetScreen.
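The reading of the log given in the reply above (Phase 1 completes, then the IPsec proposal is rejected) can be automated as a triage pass over exported ASDM lines. This is an added example, not part of the original thread; the sample lines are constructed in the format of the post, using documentation addresses, and the function names and verdict strings are hypothetical.

```python
import re

# ASDM log viewer line: severity, date, time, message ID, free text.
LINE_RE = re.compile(
    r"^(?P<sev>\d) (?P<date>\w{3} \d{1,2} \d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<msgid>\d{6}) (?P<text>.*)$"
)
IP_RE = re.compile(r"\bIP = (?P<ip>[0-9.]+),")

# Message text taken from the log lines quoted in the post.
PHASE1_OK = "PHASE 1 COMPLETED"
PHASE2_REJECT = "All IPSec SA proposals found unacceptable"

# Constructed sample input (not the poster's real peers).
SAMPLE = [
    "3 Jun 25 2007 14:32:54 713119 Group = 203.0.113.10, IP = 203.0.113.10, PHASE 1 COMPLETED",
    "5 Jun 25 2007 14:32:54 713904 Group = 203.0.113.10, IP = 203.0.113.10, All IPSec SA proposals found unacceptable!",
    "3 Jun 25 2007 14:32:54 713902 Group = 203.0.113.10, IP = 203.0.113.10, QM FSM error (P2 struct &0x4274390, mess id 0x10055b4)!",
    "3 Jun 25 2007 14:33:10 713119 Group = 198.51.100.7, IP = 198.51.100.7, PHASE 1 COMPLETED",
]

def parse(line):
    """Split one ASDM line into fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ip = IP_RE.search(ev["text"])
    ev["peer"] = ip.group("ip") if ip else None
    return ev

def triage(lines):
    """Return {peer_ip: verdict} showing where each negotiation stopped."""
    seen = {}
    for line in lines:
        ev = parse(line)
        if ev is None or ev["peer"] is None:
            continue  # skip malformed lines and lines without a peer
        flags = seen.setdefault(ev["peer"], set())
        if PHASE1_OK in ev["text"]:
            flags.add("p1")
        elif PHASE2_REJECT in ev["text"]:
            flags.add("p2_reject")
    verdicts = {}
    for peer, flags in seen.items():
        if "p2_reject" in flags:
            # ISAKMP is not the problem: compare transform set and PFS group.
            verdicts[peer] = "phase2-proposal-mismatch"
        elif "p1" in flags:
            verdicts[peer] = "phase1-ok"
        else:
            verdicts[peer] = "no-phase1-seen"
    return verdicts
```

A `phase2-proposal-mismatch` verdict points at the settings named in the reply: the ESP encryption and hash in the transform set and the PFS group on both ends.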