10-30-2014 02:41 AM
Our head office uses Juniper NetScreen ScreenOS 9.1. We bought a Cisco ASA 5505 for the branch site; our ASA 5505 OS is 8.2, and these are the details that the Global team gave me to do:
| Parameter | Value |
|---|---|
| Termination Equipment (HQ) | Juniper Netscreen |
| Software Version (HQ) | OS 9.1 |
| Local VPN Gateway (HQ) | TBD |
| Termination Equipment (HQ) | Cisco ASA 5550 |
| Software Version (Site) | 8.4 |
| Remote VPN Gateway (Site) | XXX.XXX.XXX.XXX |
| Pre Shared Key | yyyyyyyyyyy |
| NextIP networks (HQ) | All RFC1918 |
| Remote Networks (Site) | 172.18.10.0/24 |
| Phase 1 Parameters | <customer to select appropriate values> |
| Authentication Mode | Shared Secret |
| IPSec Mode | Tunnel |
| IKE Encryption | AES256 |
| IKE Hash | SHA |
| Diffie Hellman Group | Group 2 (1024 bit) |
| IKE Lifetime | 1440 Min |
| Phase 2 Parameters | <customer to select appropriate values> |
| Mode | AH & ESP (Both Req'd) |
| ESP Encryption | AES256 |
| ESP Hash | SHA |
| Perfect Forward Secrecy | No PFS |
| IPSec Lifetime | 3600 Sec |
I already know the public IP of the Juniper firewall that I connect to, and all HQ VLANs are hidden behind the firewall. I followed this link to configure it (for the ASA only, because the Juniper is under outsource control): http://www.petenetlive.com/KB/Article/0000710.htm
But it looks like the tunnel is not up. The outsourcer confirms they can ping the router (they can also remote to the server in the branch site with Remote Desktop through the NAT policy that I created), but from the ASA I cannot ping or traceroute to the Juniper firewall. One error that I can find is "config implicit rule" when I try with packet tracer.
Please help me find where I went wrong, and how to bring it up.
Thank you for your support
10-30-2014 09:08 PM
Hi;
Did you check Perfect Forward Secrecy? By default, the Juniper firewall enables this feature. Try turning it on at your Cisco firewall.
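The parameter table from the opening post, and the PFS point raised in this reply, written out as an ASA 8.2 site-to-site configuration. This is an added example, not configuration from the thread or from the linked guides. The interface names `inside`/`outside`, the object-group, ACL, transform-set and crypto-map names, and the placeholders `<HQ_JUNIPER_PUBLIC_IP>` and `<PSK_FROM_TABLE>` are assumptions. One caveat against the table: ASA transform sets are ESP-only (the ASA does not implement AH), so the "AH & ESP" row cannot be matched literally and the Juniper side must offer an ESP-only proposal.

```cisco
! ASA 8.2 syntax (in 8.4+ "crypto isakmp" becomes "crypto ikev1" and NAT exemption uses "nat ... static" objects)

! --- Phase 1 (IKEv1): AES-256, SHA-1, DH group 2, 1440 min = 86400 s ---
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp enable outside

! --- Interesting traffic: branch LAN 172.18.10.0/24 to the HQ "All RFC1918" ranges ---
object-group network HQ-RFC1918
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
access-list VPN-TO-HQ extended permit ip 172.18.10.0 255.255.255.0 object-group HQ-RFC1918

! --- NAT exemption so VPN traffic keeps its private source address (8.2 "nat 0" form) ---
access-list NONAT extended permit ip 172.18.10.0 255.255.255.0 object-group HQ-RFC1918
nat (inside) 0 access-list NONAT

! --- Phase 2: ESP AES-256 / SHA-1, no PFS, 3600 s lifetime ---
crypto ipsec transform-set AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-TO-HQ
crypto map OUTSIDE-MAP 10 set peer <HQ_JUNIPER_PUBLIC_IP>
crypto map OUTSIDE-MAP 10 set transform-set AES256-SHA
crypto map OUTSIDE-MAP 10 set security-association lifetime seconds 3600
! Only if the HQ Juniper actually has PFS enabled (the table says "No PFS"); both ends must agree:
! crypto map OUTSIDE-MAP 10 set pfs group2
crypto map OUTSIDE-MAP interface outside

! --- Pre-shared key for the HQ peer (placeholders, value comes from the table) ---
tunnel-group <HQ_JUNIPER_PUBLIC_IP> type ipsec-l2l
tunnel-group <HQ_JUNIPER_PUBLIC_IP> ipsec-attributes
 pre-shared-key <PSK_FROM_TABLE>
```

Two checks worth running before changing anything else. First, a ping from the ASA itself to the Juniper's public IP does not bring the tunnel up; only traffic that matches `VPN-TO-HQ` does, so test with a host in 172.18.10.0/24 or with `packet-tracer input inside icmp 172.18.10.10 8 0 10.1.1.1` and then read `show crypto isakmp sa` and `show crypto ipsec sa`. Second, a PFS mismatch fails Phase 2 silently on the initiator, so confirm with the HQ side whether their policy sets PFS before enabling `set pfs group2` on the ASA.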
10-31-2014 09:10 AM
Lumen - here is a document showing the step-by-step process of how to set up a VPN between Cisco and Juniper. Thanks to the original writer of this document.
http://blog.webernetz.net/2014/01/28/ipsec-site-to-site-vpn-juniper-screenos-cisco-asa/
http://www.tunnelsup.com/site-to-site-vpn-tunnel-between-cisco-asa-and-juniper-srx-junos
http://kb.juniper.net/InfoCenter/index?page=content&id=KB28120
let us know how this works.
Thanks
JD...