SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Reply
Contributor
Posts: 60
Registered: ‎01-24-2009
0 Kudos
Accepted Solution

IP Phone VPN at my wits end

Box is an SRX 320, v 15.1X49-D45

I'm at my wits end. I've done this before with an SRX... But I can't seem to make it work on this box.  It's an Avaya phone with an IPSEC vpn client builtin  trying to establish a tunnel to the SRX, a policy based VPN and local XAUTH.  I get these common errors:

 

[Jan 7 00:28:18]ike_st_i_sa_proposal: Start
[Jan 7 00:28:18]iked_pm_ike_spd_select_ike_sa failed. rc 1, error_code: No proposal chosen
[Jan 7 00:28:18]ikev2_fb_spd_select_sa_cb: IKEv2 SA select failed with error No proposal chosen (neg 1157000)

 

I hope someone can look at this and tell me what I'm missing and hopefully it's something obvious.  This seems pretty simple, I don't know what I'm missing.  I've checked that the client side matches all parameters and the shared secret matches of course.

Recognized Expert
Posts: 206
Registered: ‎01-06-2016

Re: IP Phone VPN at my wits end

Hi JayNEC,

 

policy-based VPN was initially removed from the 15.1X49 software train but was reintroduced in 15.1X49-D50. VPN client support was also initially removed and the reintroduced in 15.1X49-D60.

 

If you look in the attached configuration you will also see the "unsupported platform" multiple times. In this case it's due to missing support for policy-based VPN.

 

So first step would be to upgrade to at least 15.1X49-D60 and preferably 15.1X49-D70. Then try again.

--
Best regards,

Jonas Hauge Jensen
Systems Engineer, SEC Datacom A/S (Denmark)
Highlighted
Contributor
Posts: 60
Registered: ‎01-24-2009
0 Kudos

Re: IP Phone VPN at my wits end

Oh. My. God. 

 

 

I didn't notice those blocks. 

 

Thank you.