
how to bypass remote-ike-id check on MX80 MIC


Hello Guys,

 

Could you help me bypass the remote-ike-id check on MX80 MIC? I configured a site-to-site VPN and in the logs I get:

 

Oct 5 11:20:46 [10.42.131.130 <-> 10.42.147.32] kmd_pm_ike_match_remote_id: Remote ID check failed, Received ID(type = dn (9), len = 82, value = 3050312d 302b0603 55040313 244b3931 34333131 36313434 2e6e6f6b 69617369 656d656e 736e6574 776f726b 732e636f 6d311f30 1d060355 040a1316 4e6f6b69 61205369 656d6

Oct 5 11:20:46 [10.42.131.130 <-> 10.42.147.32] kmd_pm_ike_match_remote_id: remote ID check failed

Oct 5 11:20:46 [10.42.131.130 <-> 10.42.147.32] IKE SA negotiation failed for remote-ip:10.42.147.32,do tunnel failover

 

I found out that the following sections are optional on SRX:

 

set security ike gateway gateway ?

Possible completions:

......

general-ikeid Accept peer IKE-ID in general <------------------

...

> local-identity Set the local IKE identity
> remote-identity Set the remote IKE identity

 

 

distinguished-name Use a distinguished name <-------------------

 

Those two allow bypassing the remote-ike-id check on SRX.

From Junos OS 11.4R5 onward, if general-ikeid is set, SRX will bypass IKE-ID validation with received ID Payload.

 

root@SRX-210# set security ike gateway From_Peer general-ikeid

ref: https://kb.juniper.net/InfoCenter/index?page=content&id=KB25462&actp=search

 

 

However there is no equivalent on MX80 MIC ...
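
The Received ID in the log above (type = dn (9)) is a DER-encoded X.509 distinguished name, so decoding it shows which DN the peer actually presents and what a configured remote identity would have to match. The following Python is an added example, not part of the original post or any Juniper tooling; the function names are hypothetical, and the input is the hex value from the post's log line, which the log cut short.

```python
import re

# DER-encoded attribute-type OIDs for common X.520 name attributes.
OID_NAMES = {bytes.fromhex(k): v for k, v in {
    "550403": "CN", "55040a": "O", "55040b": "OU",
    "550406": "C", "550407": "L", "550408": "ST"}.items()}

# Received-ID payload copied from the kmd log line in the post (cut off by the log).
LOG_LINE = ("kmd_pm_ike_match_remote_id: Remote ID check failed, Received ID(type = dn (9), "
            "len = 82, value = 3050312d 302b0603 55040313 244b3931 34333131 36313434 "
            "2e6e6f6b 69617369 656d656e 736e6574 776f726b 732e636f 6d311f30 1d060355 "
            "040a1316 4e6f6b69 61205369 656d6")

def read_tlv(buf, pos):
    """Parse one DER TLV at pos: (value, next_pos, cut), or None if the header is missing."""
    if pos + 2 > len(buf):
        return None
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes that follow
        n = length & 0x7F
        if pos + n > len(buf):
            return None
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    value = buf[pos:pos + length]
    return value, pos + length, len(value) < length  # cut: fewer bytes than declared

def decode_dn(text):
    """Return [(attribute, value, cut)] for the DER Name in a log line or bare hex dump."""
    m = re.search(r"value = ([0-9a-fA-F ]+)", text)
    digits = re.sub(r"[^0-9a-fA-F]", "", m.group(1) if m else text)
    buf = bytes.fromhex(digits[: len(digits) - len(digits) % 2])  # drop a dangling nibble
    outer = read_tlv(buf, 0)
    if outer is None or buf[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    name, out, pos = outer[0], [], 0
    while (rdn := read_tlv(name, pos)) is not None:  # each SET is one RDN
        pos, apos = rdn[1], 0
        while (atv := read_tlv(rdn[0], apos)) is not None:  # SEQUENCE {type, value}
            apos = atv[1]
            oid = read_tlv(atv[0], 0)
            val = read_tlv(atv[0], oid[1]) if oid and not oid[2] else None
            if val is None:
                break
            attr = OID_NAMES.get(oid[0], oid[0].hex())
            out.append((attr, val[0].decode("utf-8", "replace"), val[2]))
    return out

if __name__ == "__main__":
    for attr, value, cut in decode_dn(LOG_LINE):
        print(f"{attr}={value}" + (" [truncated in log]" if cut else ""))
```

Values flagged as truncated are incomplete because the log line stops before the declared 82 bytes; the full DN has to come from the peer's certificate or a complete trace.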

