Cisco ASA to NetScreen IPsec VPN problem



  • Hi Guys,
    I’m trying to get a VPN working between a Cisco ASA and a Juniper NetScreen.
    It’s been a long and painful journey, first with phase 1 and 2 authentication, and now with traffic not passing through the tunnel despite the VPN tunnel being up.
    Please have a look at the fragments of the config, and let me know what is going wrong.

    Line 145: set address "Untrust" "Melbourne" 192.168.15.0 255.255.255.0
    Line 190: set ike gateway "Melbourne" address 27.54.69.60 Main outgoing-interface "ethernet3" preshare "RpNbQzTDNAMAeds27fC3tRwMvCnC+C/KDuxBemS/hgjSgxbuo6DJ/uU
    Line 235: set vpn "Melbourne" gateway "Melbourne" replay tunnel idletime 0 proposal "g2-esp-aes128-sha"
    Line 236: set vpn "Melbourne" id 53 bind interface tunnel.7
    Line 301: set vpn "Melbourne" proxy-id local-ip x.x.x.x/32 remote-ip x.x.x.x/32 "ANY"
    Please note that in the last line, the x.x.x.x values are publicly routable IP addresses. When we change them to local IP addresses, the tunnel goes down and phase 2 negotiation fails.
    Any help greatly appreciated.
    Martin


 
