Turns out the HUB node can not be on use a "secondary" IP as the Gateway IP for the IPsec termination. This workes on SRX240 in a very similar installation. But not on the SRX210HE2 in this installation.
//Mattias Gyllenvarg On Fri, May 2, 2014 at 5:07 PM, Mike Devlin <mikecdev...@gmail.com> wrote: > config please > > > On Fri, May 2, 2014 at 9:33 AM, Mattias Gyllenvarg > <matt...@gyllenvarg.se>wrote: > >> Hi All >> >> I have been cracking my skull on this one for a while now and I am not >> getting anywhere I want to go. So, here is a nut for anyone proficient in >> Site-To-Site VPN with PKI and Distinguished names on SRX. >> >> TLDR; New installation of a setup I already have working on a global >> scale. >> Only difference in HW is a SRX210HE2 as HUB compared to a 240 in the >> working installation. >> Error is NO proposal chosen. I get this even if I try it with static IPs >> and PSK. >> Junos is [12.1X44-D20.3] >> Waiting to try [12.1X44-D30.4] but I dont have it yet. >> >> So, I have double checked the proposals (they come from a template) many >> times. >> Removed and reapplied all security config. Reloaded and so on. >> st0.0 is in trusted and all policies are in place. >> >> Can't find a known bug or deeper troubleshooting help then check your >> proposals, for this error. >> >> -- >> *Best Regards* >> *Mattias Gyllenvarg* >> _______________________________________________ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > -- *Med Vänliga Hälsningar / Best Regards* *Mattias Gyllenvarg* _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp