cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
643
Views
0
Helpful
1
Replies

isr1800 L2L ipsec tunnel with Netscreen ISG2000

oszkari
Level 1
Level 1

Hi all!

I have a problem setting up an ipsec tunnel between a 1811 ISR router and Netscreen ISG2000 device.

After the successfully completed Phase1 appears an error which i cannot understand where it is come from.

*May 5 23:27:25.694 EET: ISAKMP:(2921):Need config/address

*May 5 23:27:25.694 EET: ISAKMP: set new node -745013984 to CONF_ADDR

*May 5 23:27:25.694 EET: ISAKMP:(2921):No IP address pool defined for ISAKMP!

*May 5 23:27:25.694 EET: ISAKMP:(2921):peer does not do paranoid keepalives.

*May 5 23:27:25.694 EET: ISAKMP:(2921):deleting SA reason "Fail to allocate ip address" state (R) CONF_ADDR (peer zz.yy.xx.vv)

*May 5 23:27:25.694 EET: ISAKMP:(2921):deleting node -745013984 error FALSE reason "No Error"

*May 5 23:27:25.694 EET: ISAKMP:(2921):peer does not do paranoid keepalives.

I have tried with different isakmp/ipsec parameters I also changed the IOS but nothing changed. Did anybody have experience with this error message?

Any help would be appreciated.

Netscreen: ScreenOS5.4

ISR1811: 12.4(15)T4

1 Reply 1

oszkari
Level 1
Level 1

Problem solved.

There is a well known incompatibility issue with third-party ipsec clients (problem description:CSCsh20354)

I removed the easy vpn server from the cisco and everything started to work.

But I can't figure out why the juniper equipment was treated like an easy vpn-client.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: