Hi Klaus, I just had a quick peek in the vShield manual - it looks like it only supports IKEv2, so you'll need to add the following line to your config:
set security ike gateway gw_lan_to_remote version v2-only Ben On 21/06/2013, at 4:35 AM, klauzi <kla...@gmail.com> wrote: > Just wanted to double check that the interface is assigned to a zone at > least. > > Did you try to enable the traceoptions under security ike to get more > information? Best way is, that you are the responder in ike negotiation. > Make sure that the other side initiates the ike traffic > > There is a document regarding vpn troubleshoooting: > Search for: JSeries_SRXSeries_Route-based_VPN_to_ScreenOS_v13.pdf > > edit security ike traceoptions > set file size 1m > set flag policy-manager > set flag ike > set flag routing-socket > commit > > Regards, > > Klaus > > > On Thu, Jun 20, 2013 at 6:58 PM, bizza <biz...@gmail.com> wrote: > >> Actually is assigned to WAN zone. Should I put it in LAN (where policies >> and other stuffs are)? >> >> Regards >> bizza >> >> >> On Thu, Jun 20, 2013 at 6:54 PM, Klaus Groeger <kla...@gmail.com> wrote: >> >>> Did you assign the st0.x interface to a zone? >>> >>> >>> >> >> >> -- >> bizza >> http://www.rm-rf.eu/ >> > > > > -- > nil extimescere > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp