Forgive me, but is a smarthub a 3G hotspot type device from a mobile carrier? In the event that it is, you should find out if the provider is allowing for IKE traffic. Phase 1 errors point to the fact that there isn't basic connectivity between both gateways attempting to setup the tunnel.
If you're setting it up behind the netscreen, and you can't configure the smarthub to act in "bridge" mode, or IOW, it needs to terminate the IPSEC tunnel, you can possibly have it sit behind the netscreen and you can forward IKE through the netscreen to the smarthub in order to get that to work. On the netscreen side, you would set the untrusted interface to "route" mode. Not knowing what the capabilities of the smarthub I'm not entirely clear what other options you may have. HTH, Harry. On Tue, Nov 22, 2011 at 5:06 PM, Andrew S. Baker <[email protected]> wrote: > If the Smarthub is employing NAT, then you're going to have a problem > setting up your IPSec tunnel. > > I take it the ADSL is not employing NAT? > > * * > > *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of > Technology for the SMB market… > > * > > > > On Tue, Nov 22, 2011 at 3:59 PM, Cameron <[email protected]> wrote: > >> Good afternoon all, >> >> I have a working Juniper NS-5GT that I have used to create a VPN tunnel >> back to HO using an ADSL connection (I have verified that everything is >> functioning correctly). Now....What I'm trying to do is put a smart hub in >> the mix so that if I lose an ADSL line I could put one of these in place >> (wi-fi connection) until the ADSL gets repaired. I've tried all sorts of >> configuration changes but can't get it to allow the tunnel. >> >> So here's the setup. >> NS-5GT >> IP 10.240.30.1 >> DHCP 10.240.30.100-110 >> >> Smart Hub IP scheme can't be changed apparently >> Hub IP 192.168.20.1 >> It will hand out DHCP addresses >> It does have a static internet address >> Setup as a gateway >> >> I've tried setting the untrust IP as 192.168.20.1 and the default route >> to use the public IP, setting the untrust ip as the public ip....pretty >> much all the different combinations that I could think of. As far as I know >> there is no filtering going on with this smart hub. >> >> It looks like it's hitting my main firewall across the Internet, but it's >> not going any further than telling me "Phase 1: Retransmission limit has >> been reached". Now nothing on the two firewalls have changed so I know that >> the security settings DO work when I take the smarthub out and use an ADSL >> connection. >> >> If there is any information that I've forgotten to include, please let me >> know. >> >> Any ideas? >> >> TIA! >> Cameron >> >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
