Hi everyone,

Trying to establish an IPSec tunnel (route based) between a Juniper SRX and a Cisco IOS router.

The topology is two routers with DSL services; the SRX is on a dynamic IP, the Cisco on a static. No NAT is involved in the path between the two routers.

Here are the configs I'm working on: http://pastebin.com/gUEFVTau

Basically what I'm getting is this... In main mode, phase 1 is OK, and I get probably 99% of the way in phase 2, but it doesn't quite complete, with errors like "proxy identities not supported". I can fix this by configuring Tunnel0's destination as the IP of the SRX /at the time/ and can then ping across the tunnel. But this obviously isn't a long-term solution, because if the IP of the SRX changes (and it does, frequently, because the DSL is notoriously unstable) then the VPN stops working.

So I try to go aggressive mode, but this is even worse, with phase 1 not completing with errors like "IKE packet from x.x.x.x was not encrypted and it should've been", and never really making it past AG_INIT_EXCH.

This is a debug of aggressive mode: http://pastebin.com/RUAaXDyE

Based on my supplied configs, can anyone help me come up with a solution that allows the SRX to initiate a connection from any random IP, and the Cisco accepts it, but I don't have to configure the IP of the SRX on the Cisco in order for it to work?

I feel like I'm tantalisingly close, but after several hours at it so far and copious amounts of googling, I just can't see the solution...

Thanks.

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp