Thank you, I added IKE to the interface:
security-zone Internet {
    host-inbound-traffic {
        system-services {
            ike;
        }
    }
    interfaces {
        fe-0/0/0.0 {
            host-inbound-traffic {
                system-services {
                    https;
                    ssh;
                    ike;
                }
            }
        }
    }
}
But I still don't think the SRX is receiving anything from the SSG:
aaaaaa@Dallas_SRX> show security ike security-associations detail
IKE peer 1.1.1.1, Index 3505536, Gateway Name: gw_Colo_VPN
  Role: Initiator, State: DOWN
  Initiator cookie: 6c6bbc7cdb25fcf2, Responder cookie: 0000000000000000
  Exchange type: Main, Authentication method: Pre-shared-keys
  Local: 2.2.2.2:500, Remote: 1.1.1.1:500
  Peer ike-id: not available
  Xauth user-name: not available
  Xauth assigned IP: 0.0.0.0
  Algorithms:
   Authentication : (null)
   Encryption : (null)
   Pseudo random function: (null)
   Diffie-Hellman group : unknown
  Traffic statistics:
   Input bytes : 444
   Output bytes : 416
   Input packets: 3
   Output packets: 3
  Flags: Waiting for doneWaiting for remove
  IPSec security associations: 0 created, 0 deleted
  Phase 2 negotiations in progress: 0
  Flags: Waiting for doneWaiting for remove
Attached is another KMD log. I see something like:
[May 22 09:34:56][2.2.2.2 <-> 1.1.1.1] <none>:500 (Responder) <-> 1.1.1.1:500 { ad2a2219 3d763722 - 6a32ea36 94f9d80d [0] / 0xf501a37f } Info; Trying to decrypt, but no decryption context initialized
Then what seems like a bunch of chattering and this?
[May 22 09:35:26][2.2.2.2 <-> 1.1.1.1] 2.2.2.2:500 (Initiator) <-> 1.1.1.1:500 { ad2a2219 3d763722 - 6a32ea36 94f9d80d [-1] / 0x00000000 } IP; Connection timed out or error, calling callback
[May 22 09:35:26][2.2.2.2 <-> 1.1.1.1] ikev2_fb_negotiation_done_isakmp: Entered IKE error code Timeout (8197), IKE SA eea400 (neg eee800)
Thanks