RVS4000 VPN to Juniper Netscreen

markburgess2010 · ‎12-07-2010

Has anyone had any luck establishing a VPN tunnel between the RVS4000 and a Juniper Netscreen? if so, could you please post your configuration? I've been trying for days to get this to work and I'm starting to think it's impossible.

davbarre · ‎12-07-2010

Hi Mark,

The first thing that jumps to my mind is PFS. Are you using Perfect Forward Secrecy on both ends?

The way I usually work on these issue's is to go line by line on the configs. It's very easy to mis-type either a password, or subnet.

Also, do you have the IPSec VPN logs from the RVS4000? This may at least point you in the right direction.

Thanks!

Dave

David L. Barrett, Jr.

markburgess2010 · ‎12-07-2010

I have tried with and without PFS, and it doesn't make any difference.

On the RVS400 I see messages containing "NO PROPOSAL CHOSEN", on the Juniper, I get messages that "there were no acceptable Phase 1 proposals".

davbarre · ‎12-07-2010

Hi Mark,

Are you certain that port 500 for IKE is open via the ISP?

Also, have you tried other Authentication and Encryption types for Phase 1?

Lastly, do the SA Lifetimes match?

Thanks!

Dave

David L. Barrett, Jr.

markburgess2010 · ‎12-08-2010

Dave, thanks for the followup.

I know the other end is good because up until this weekend, I was using a Netgear VPN router to connect to it flawlessly. I can also connect with desktop IPSec VPN clients.

I have set up the RVS4000 VPN settings to match as closely as possible what I had before. So right now, I suspect there is something missing or wrong with the RVS4000.

davbarre · ‎12-08-2010

Hi Mark,

At this point I would recommend placing a call to the Cisco Small Business support center at 1-866-606-1866.

We can simulate an IPSec VPN connection from here to your RVS4000 and verify connectivity with an SMB product and proceed to troubleshoot from there.

Thanks!

Dave

David L. Barrett, Jr.