Hello Yaniv
On 20.03.2017 18:08, Yaniv Michalovski wrote: > Hi, > I'm trying to configure Dynamic IPsec between Strongswan and Juniper MX with > MS Card but with no success the following is the Juniper configuration and > Strongswan's -ipsec.conf "Dynamic IPsec"? > leftsubnet=172.16.1.0/24[gre] > rightsubnet=172.16.2.0/24[gre This doesn't make sense. What are you actually trying to do? Try not to use juniper feature terms. GRE tunnels between the two peers and then dynamic routing over it? > > Log on Linux-strongswan: > > payload type NOTIFY was not encrypted > > could not decrypt payloads > > integrity check failed > > 04[IKE] IKE_AUTH response with message ID 1 processing failed You need to either 1) read the logs on the juniper to figure out what it wants 2) use tcpdump to read the logs and then look at the contents of that IKE packet using wireshark to figure out what the NOTIFY is Please try to use fewer spaces in the next email and fix the formatting. The strongswan config was aligned to the right of the page and had lots of indentation problems. -- Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
