Quantcast
Channel: All SRX Services Gateway posts
Viewing all articles
Browse latest Browse all 17645

Re: Replacing a SSG5 with SRX100H2 in branch office

May 24, 2016, 10:57 am
$
0
0

thanks but did not work. same error in the KMD log as before:

IKE negotiation failed with error: Authentication failed.

 

However the SSG140 says:

2016-05-24 12:16:36 info IKE 2.2.2.2 Phase 2: Initiated negotiations. 
2016-05-24 12:16:36 info IKE 2.2.2.2 Phase 1: Completed Main mode negotiations with a 28800-second lifetime. 
2016-05-24 12:16:35 info IKE 2.2.2.2 phase 1:The symmetric crypto key has been generated successfully. 
2016-05-24 12:16:35 info IKE1.1.1.1 2.2.2.2 Phase 1: Initiated negotiations in main mode. 
2016-05-24 12:16:32 info IKE 2.2.2.2 Phase 2 msg ID 717d4ee7: Negotiations have failed. 
2016-05-24 12:16:32 info Rejected an IKE packet on bgroup0/0 from 2.2.2.2:500 to 1.1.1.1:500 with cookies d0967a1eecd7303a and 984bed1d232d305e because There were no acceptable Phase 2 proposals.. 
2016-05-24 12:16:32 info IKE 2.2.2.2 Phase 2 msg ID 717d4ee7: Responded to the peer's first message. 
2016-05-24 12:16:32 info IKE 2.2.2.2: Received initial contact notification and removed Phase 1 SAs. 
2016-05-24 12:16:32 info IKE 2.2.2.2 Phase 1: Completed Main mode negotiations with a 28800-second lifetime. 
2016-05-24 12:16:32 info IKE 2.2.2.2: Received initial contact notification and removed Phase 2 SAs. 
2016-05-24 12:16:32 info IKE 2.2.2.2: Received a notification message for DOI 1 24578 INITIAL-CONTACT. 
2016-05-24 12:16:32 info IKE 2.2.2.2 phase 1:The symmetric crypto key has been generated successfully. 
2016-05-24 12:16:32 info IKE 2.2.2.2 Phase 1: Responder starts MAIN mode negotiations. 
2016-05-24 12:15:56 info IKE 2.2.2.2 Phase 2: Initiated negotiations. 
2016-05-24 12:15:56 info IKE 2.2.2.2 Phase 1: Completed Main mode negotiations with a 28800-second lifetime. 
2016-05-24 12:15:56 info IKE 2.2.2.2 phase 1:The symmetric crypto key has been generated successfully. 
2016-05-24 12:15:56 info IKE1.1.1.1 2.2.2.2 Phase 1: Initiated negotiations in main mode.

Looking closer the SSG140 is using PFE Group 2, see attached pics

 

 

I have set the SRX back to PFE, group 2.

 

On the SSG140 it always hangs at: Phase 2: Initiated negotiations

 

when i rolled back to the SSG5 it completed. Portioin of the SSG140 log when the SSG5 comes back online:

2016-05-24 12:50:03   system   info  00536  IKE 2.2.2.2 Phase 2 msg ID 9fb436ef: Completed negotiations with SPI 9a586249, tunnel ID 16, and lifetime 3600 seconds/0 KB.
2016-05-24 12:50:03   system   info  00536  IKE 2.2.2.2 phase 2:The symmetric crypto key has been generated successfully.
2016-05-24 12:50:03   system   info  00536  IKE 2.2.2.2: Received a notification message for DOI 1 40001 NOTIFY_NS_NHTB_INFORM.
2016-05-24 12:50:03   system   info  00536  IKE 2.2.2.2 Phase 2: Initiated negotiations.
2016-05-24 12:50:03   system   info  00536  IKE 2.2.2.2 Phase 1: Completed Main mode negotiations with a 28800-second lifetime.
2016-05-24 12:50:03   system   info  00536  IKE 2.2.2.2 phase 1:The symmetric crypto key has been generated successfully.
2016-05-24 12:50:03   system   info  00536  IKE1.1.1.1 2.2.2.2 Phase 1: Initiated negotiations in main mode.

 

Search
Viewing all articles
Browse latest Browse all 17645
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>