Hi,

I battered my head on this one... turns out, to get our VPN stable, even though the Checkpoint's P2 proposal was set to "Group 2", set the P2 proposal on the Juniper to "NO PFS" instead of "DH GROUP2".

I have done this, so our P2 proposal is now NOPFS -aes etc... and it worked...

Not sure if this is a bug or a feature, but it was the only way I got the VPN to work between vendors. For us, PFS just didn't work. You may see this error on the Checkpoint:

Information: encryption failure: Unknown SPI: 0xaeb72e99 for IPsec packet

and something similar on the Juniper.

Might be worth a shot.

Regards,
Kerry.




On 03/05/10 22:26, Nick Ryce wrote:
After some further testing it looks like the juniper keeps re-establishing the 
tunnel every 10-20 seconds or so.

Does anyone have real world experience of getting a j2320 ipsec tunnel working 
with an ASA5510?

Nick

From: Nicholas Oas [mailto:nicholas....@gmail.com]
Sent: 30 April 2010 13:03
To: Nick Ryce
Subject: Re: [j-nsp] Juniper IPSEC VPN



--
--------------------------------------
.- Kerry Milestone                  -.
.- Senior Systems Administrator     -.
.- Networks Team                    -.
.- Wellcome Trust Sanger Institute  -.
.-                                  -.
.- http://www.sanger.ac.uk          -.
.- +44 (0)1223 492320               -.
--------------------------------------

