Dear team,
I am trying to set up a Dynamic VPN between my laptop and my SRX100H from the office.
In front of the SRX there is an ADSL modem from my ISP with the appropriate ports forwarded to the SRX (500, 4500, 443, ...).
I have been fighting with this for 3 days already and I cannot get past Phase 1 – it looks like the link is DOWN, as can be seen below in the output from sho sec ike s-a. The Junos Pulse window remains pending at "Connecting ..." and nothing more happens ...
Below are some outputs from the CLI and the IP/devices schema; I have also attached my full config from the SRX.
Please help me to move forward and open the tunnel.
A.H.
OUTPUTS:
hay@srx-hay> show security ike security-associations
Index State Initiator cookie Responder cookie Mode Remote Address
77782 DOWN 0dc27ee752099f36 63207a927bb1e727 Aggressive 195.xxx.xxx.xxx
hay@srx-hay> show security ike security-associations detail
IKE peer 195.xxx.xxx.xxx, Index 77784, Gateway Name: N/A
Role: Responder, State: DOWN
Initiator cookie: fcf815e0813994d3, Responder cookie: 896caba841bb245b
Exchange type: Aggressive, Authentication method: Pre-shared-keys
Local: 172.20.20.2:500, Remote: 195.xxx.xxx.xxx:22566
Peer ike-id: not available
Xauth user-name: not available
Xauth assigned IP: 0.0.0.0
Algorithms:
Authentication : hmac-sha1-96
Encryption : aes128-cbc
Pseudo random function: hmac-sha1
Diffie-Hellman group : unknown
Traffic statistics:
Input bytes : 1596
Output bytes : 1024
Input packets: 4
Output packets: 2
IPSec security associations: 0 created, 0 deleted
Phase 2 negotiations in progress: 0
hay@srx-hay> show log kmd
[...]
[Jul 24 08:44:02]KMD_INTERNAL_ERROR: iked_ifstate_eoc_handler: EOC msg received
[Jul 24 08:44:43]KMD_INTERNAL_ERROR: iked_ui_event_handler: usp ipc connection for iked show CLI was SHUTDOWN due to error in receiving msg or age out of connection or flowd going down etc. Reconnect to pfe..
I found nothing in the System Log Messages Reference from Junos OS Technical Doc related to these errors ...
SCHEMA:
Note: laptop's IP – from range 10.1.0.0/22