thank you, i added IKE to the interface:
security-zone Internet {
host-inbound-traffic {
system-services {
ike;
}
}
interfaces {
fe-0/0/0.0 {
host-inbound-traffic {
system-services {
https;
ssh;
ike;
}
}
}
}
}But i still dont think the SRX is receiving anything from the SSG:
aaaaaa@Dallas_SRX> show security ike security-associations detail
IKE peer 1.1.1.1, Index 3505536, Gateway Name: gw_Colo_VPN
Role: Initiator, State: DOWN
Initiator cookie: 6c6bbc7cdb25fcf2, Responder cookie: 0000000000000000
Exchange type: Main, Authentication method: Pre-shared-keys
Local: 2.2.2.2:500, Remote: 1.1.1.1:500
Peer ike-id: not available
Xauth user-name: not available
Xauth assigned IP: 0.0.0.0
Algorithms:
Authentication : (null)
Encryption : (null)
Pseudo random function: (null)
Diffie-Hellman group : unknown
Traffic statistics:
Input bytes : 444
Output bytes : 416
Input packets: 3
Output packets: 3
Flags: Waiting for doneWaiting for remove
IPSec security associations: 0 created, 0 deleted
Phase 2 negotiations in progress: 0
Flags: Waiting for doneWaiting for removeattached is another KMD log. I see something like:
[May 22 09:34:56][2.2.2.2 <-> 1.1.1.1] <none>:500 (Responder) <-> 1.1.1.1:500 { ad2a2219 3d763722 - 6a32ea36 94f9d80d [0] / 0xf501a37f } Info; Trying to decrypt, but no decryption context initializedthen what seems like a bunch of chattering and this?
[May 22 09:35:26][2.2.2.2 <-> 1.1.1.1] 2.2.2.2:500 (Initiator) <-> 1.1.1.1:500 { ad2a2219 3d763722 - 6a32ea36 94f9d80d [-1] / 0x00000000 } IP; Connection timed out or error, calling callback
[May 22 09:35:26][2.2.2.2 <-> 1.1.1.1] ikev2_fb_negotiation_done_isakmp: Entered IKE error code Timeout (8197), IKE SA eea400 (neg eee800)
Thanks