On 05/03/2012, at 9:57 PM, bizza wrote:
>        gateway gw_vpn2remote {
>            ike-policy ike_pol_vpn2remote;
>            address X.Y.W.Z;
>            local-identity inet A.B.C.D;
>            external-interface fe-0/0/7.0;
>            version v1-only;
>        }

In your IKE gateway configuration above, you have configured the local-identity -
this particular knob is only used for authentication when you are using
aggressive mode (which you are not).

I suspect what you really wanted to configure was the proxy-id which ASAs tend 
to be VERY picky about.

You'll need:

set security ipsec vpn vpn2remote ike proxy-identity local A.B.C.D/E
set security ipsec vpn vpn2remote ike proxy-identity remote F.G.H.I/J
set security ipsec vpn vpn2remote ike proxy-identity service any

where F.G.H.I/J is the subnet on the remote side.

Ben




_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
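
An added example, not part of Ben's message: a Python check that the SRX proxy-identity from the set commands above mirrors the remote ASA's crypto ACL entry. The sample subnets, the ACL name VPN-ACL and the `access-list ... extended permit ip <net> <mask> <net> <mask>` form of the ASA entry are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample input (documentation address ranges, not from the thread).
SRX_SET_LINES = """\
set security ipsec vpn vpn2remote ike proxy-identity local 192.0.2.0/24
set security ipsec vpn vpn2remote ike proxy-identity remote 198.51.100.0/24
set security ipsec vpn vpn2remote ike proxy-identity service any
"""
# Assumed form of the peer's crypto ACL entry (hypothetical ACL name VPN-ACL).
ASA_ACL_LINE = ("access-list VPN-ACL extended permit ip "
                "198.51.100.0 255.255.255.0 192.0.2.0 255.255.255.0")
PROXY_RE = re.compile(
    r"^set security ipsec vpn (\S+) ike proxy-identity (local|remote|service) (\S+)$")


def parse_srx_proxy_id(text, vpn):
    """Return the proxy-identity settings found for one VPN as a dict."""
    out = {}
    for line in text.splitlines():
        m = PROXY_RE.match(line.strip())
        if m and m.group(1) == vpn:
            key, val = m.group(2), m.group(3)
            out[key] = val if key == "service" else ipaddress.ip_network(val)
    return out


def parse_asa_acl(line):
    """Return (source_net, dest_net) from a 'permit ip' ACL entry."""
    m = re.search(r"permit ip (\S+) (\S+) (\S+) (\S+)\s*$", line)
    if not m:
        raise ValueError("unsupported ACL entry: " + line)
    src, dst = (ipaddress.ip_network(f"{m.group(i)}/{m.group(i + 1)}") for i in (1, 3))
    return src, dst


def proxy_id_mismatches(srx, asa_src, asa_dst):
    """List the ways the SRX proxy-id fails to mirror the ASA's ACL entry."""
    problems = [f"proxy-identity {k} is not configured"
                for k in ("local", "remote", "service") if k not in srx]
    # The ASA ACL is written from the ASA's side, so source and destination swap.
    if "local" in srx and srx["local"] != asa_dst:
        problems.append(f"local {srx['local']} != ASA destination {asa_dst}")
    if "remote" in srx and srx["remote"] != asa_src:
        problems.append(f"remote {srx['remote']} != ASA source {asa_src}")
    if srx.get("service") not in (None, "any"):
        problems.append("service is not 'any' but the ACL permits ip")
    return problems
```

An empty list from `proxy_id_mismatches` means both sides describe the same pair of subnets; a prefix-length difference alone is reported as a mismatch.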
