Buy or Renew
Buy or Renew
Welcome to the new Cisco Community. LEARN MORE about the updates and what is coming.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3959
Views
0
Helpful
0
Comments

Cisco IPSEC IKEV2 and Juniper / Netscreen Interoperability Issues

Tommy Alexander
Cisco Employee
Cisco Employee

‎11-08-2010 05:33 PM - edited ‎08-23-2017 11:27 PM

 

 

 

 

 

 

Problem Overview

 

 

Juniper / Netscreen devices may not correctly handle multiple IPsec proposals that are sent to it when using IKEV2 (ike version 2) for a static LAN to LAN ipsec VPN tunnel.

 

Symptom

 

 

The IKEv2 and IPsec tunnels will come up successfully but data will NOT flow.

 

 

Condition

 

 

Seen if the Cisco device initiates the connection but not if the Juniper initiates the IKEv2 connection.

 

Workaround

 

 

1) The current workaround that could be used is to only configure a single IPsec proposal on the Cisco device for the static crypto map that is configured to a Juniper peer.

 

2) The other workaround is to configure the Cisco device in such a order that the last proposal is the one that matches with Juniper peer.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Quick Links
Discussions
Customers Also Viewed These Support Documents