If you fx. have defined local-net 192.168.1.0/24 and remote-net 192.168.2.0/24 on one router and local-net 192.168.2.0/23 and remote-net 192.168.1.0/24 on the other.
Or application junos-ftp on one router and application any on the other. The phase 2 part must be symetric. But check the kmd log. /Morten On Wed, Sep 15, 2010 at 2:40 PM, Fahad Khan <fahad.k...@gmail.com> wrote: > "mismatch between remote-net and local-net" > > can you elaborate ? > > regards > Muhammad Fahad Khan > JNCIP - M/T # 834 > IT Specialist > Global Technology Services, IBM > fa...@pk.ibm.com > +92-301-8247638 > Skype: fahad-ibm > http://pk.linkedin.com/in/muhammadfahadkhan > > > On Wed, Sep 15, 2010 at 5:27 PM, Morten Isaksen <mi...@misak.dk> wrote: >> >> I had the same problem (between a SRX and a Cisco box). >> >> It is most likely a mismatch between remote-net and local-net >> configurations on each router. >> >> Try to enable traceoptions. >> >> edit security ike traceoptions >> [edit security ike traceoptions] >> set file size 1m >> set flag policy-manager >> set flag ike >> set flag routing-socket >> commit >> >> And check the kmd log. >> >> /Morten >> >> On Wed, Sep 15, 2010 at 1:27 PM, Fahad Khan <fahad.k...@gmail.com> wrote: >> > Hi folks, >> > >> > I am trying to establish route based VPN between SRX3600(in Ch cluster) >> > and >> > SRX210, but stuck in phase 2 (no proposal chosen).. >> > >> > has any one experienced it?? >> > >> > thanks in adv >> > >> > regards, >> > >> > Muhammad Fahad Khan >> > JNCIP - M/T # 834 >> > IT Specialist >> > Global Technology Services, IBM >> > fa...@pk.ibm.com >> > +92-301-8247638 >> > Skype: fahad-ibm >> > http://pk.linkedin.com/in/muhammadfahadkhan >> > _______________________________________________ >> > juniper-nsp mailing list juniper-nsp@puck.nether.net >> > https://puck.nether.net/mailman/listinfo/juniper-nsp >> > >> >> >> >> -- >> Morten Isaksen >> _______________________________________________ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp > > -- Morten Isaksen _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp