I am trying to set up a Netscreen to Pix 506 (ver 6.3.5) VPN. The Netscreen has a static public IP and the Pix has a dynamic public IP. If I set the tunnel up with static IPs on both ends it works fine, but it fails when I go back to dynamic on the Pix. Dynamic is the way the majority of the remote Pix sites will be.
The Netscreen is looking to point to a FQDN on any far end VPN device along with the pre-shared key to establish the tunnel. I have configured the remote "peer" on the Netscreen to the Pix hostname and also tried the Pix hostname plus the domain name. Both failed. On Cisco debugs it shows the local identity as the IP address. I have the command "isakmp identity hostname" configured on the Pix. I am thinking until I see a true FQDN in the debugs this will not work. The debugs I ran were debug isakmp sa and debug ipsec sa.
I get the following info from the Netscreen event log:
Rejected an IKE packet on untrust from 184.108.40.206:500 to 220.127.116.11:500 with cookies e032996ad3aa1bc5 and 0000000000000000 because an initial Phase 1 packet arrived from an unrecognized peer gateway
I get this on Pix debug:
homenet# ping inside 10.10.100.99
ISAKMP (0): beginning Main Mode exchange 10.10.100.99 NO response receive
Thanks for the link, but I had found this link and it does work, but this is not the scenario I was trying to implement. This doc uses static IPs on both the Pix and the Netscreen. I need to have a dynamic IP on the Pix, which rules out the attached web link. I have found out since I posted this link that the scenario I am trying to implement will not work between a Netscreen with static public and a Pix with a Dynamic public with pre-shared keys. The Netscreen is looking for a FQDN and the Pix does not put out a FQDN. The only potential way of doing this is with RSA certificates. I am choosing a different path. Thanks again for the reply.
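The rejection in the Netscreen event log above, modelled as an added example that is not part of the original posts and is not ScreenOS or PIX code: in IKEv1 Main Mode with pre-shared keys, the responder has to pick the peer (and its key) from the source IP address, because the identity payload only arrives in message 5, already encrypted under keys derived from the pre-shared key. The gateway table, names, addresses, keys and nonces are constructed for illustration.

```python
import hashlib
import hmac

# Constructed responder configuration (hypothetical names, documentation IPs).
GATEWAYS = [
    {"name": "static-site", "peer_ip": "192.0.2.10", "peer_id": None,
     "psk": b"constructed-psk-1"},
    {"name": "dynamic-site", "peer_ip": None, "peer_id": "pix.example.com",
     "psk": b"constructed-psk-2"},
]

def select_gateway(src_ip):
    """Main Mode message 1 carries only SA proposals, so the source
    IP address is the only selector the responder has at this point."""
    for gw in GATEWAYS:
        if gw["peer_ip"] == src_ip:
            return gw
    return None

def skeyid(psk, ni, nr):
    """RFC 2409 section 5, pre-shared key auth: SKEYID = prf(psk, Ni_b | Nr_b).
    HMAC-SHA1 stands in for the negotiated prf."""
    return hmac.new(psk, ni + nr, hashlib.sha1).digest()

def main_mode_responder(src_ip, ni, nr):
    """Return (verdict, detail) for an initiator starting Main Mode."""
    gw = select_gateway(src_ip)
    if gw is None:
        # The FQDN in the ID payload would only arrive in message 5,
        # encrypted under keys derived from SKEYID, i.e. from the PSK.
        return ("reject", "unrecognized peer gateway")
    return ("continue", skeyid(gw["psk"], ni, nr).hex())

if __name__ == "__main__":
    ni, nr = b"\x01" * 16, b"\x02" * 16  # constructed nonces
    print(main_mode_responder("192.0.2.10", ni, nr))     # static peer
    print(main_mode_responder("198.51.100.23", ni, nr))  # dynamic peer
```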