SRX

 

Hello.
My task is to make a VPN channel between the two routers.
In the derivation of logs seen this message.

 

kmd[1090]: IKE negotiation failed with error: SA unusable. IKE Version: 1, VPN: gw-jvsrx-b Gateway: gw-jvsrx-b, Local: *.*.*.*/4500, Remote: *.*.*.*/4500, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0

 

Tell me what you need to fix.
Juniper recently started studying. I am a novice at this.

 

As per your config/logs you are using NAT. Can you mention your public ip as local- address on this srx and the same as remote -address on the other end.
You need to configure this under ike gateway hierarchy.

Write an example please.
On the basis of my config.

root@Peer# set security ike gateway To_SRX local-identity x.x.x.x

Please refer to below kb

http://kb.juniper.net/InfoCenter/index?page=content&id=KB25462

Thanks, I do it.

But i have a new problem)

 

IKE negotiation failed with error: Authentication failed.

 

What else i must do?

Authentication error because preshared key not matching. Make sure they are matching

It still no wokking.

Can u analizy my log?

 

Paste your IPSec config. It was your IPSec negotiation that failed according to the logs you pasted