Trying to get a point-to-point VPN setup between a SSG and an SRX and can't get past the phase 1 error. Any help would be appreciated.
Here are the configs:
SSG: Untrust Addr: x.x.x.138, Trust Addr: 172.16.0.0/20
SRX: Untrust Addr: x.x.x.177, Trust Add: 10.1.10.0/24
Error from SSG - Rejected an IKE packet on ethernet0/0 from x.x.x.177:500 to x.x.x.138:500 with cookies xxx and 0000000000000000 because an initial Phase 1 packet arrived from an unrecognized peer gateway.
SSG - router
set interface "ethernet0/0" zone "Untrust"
set interface "tunnel.1" zone "Trust"
set interface ethernet0/0 ip x.x.x.138/29
set interface ethernet0/0 route
set interface bgroup0 ip 172.16.0.1/20
set interface bgroup0 nat
set interface tunnel.1 ip unnumbered interface ethernet0/0
set address "Untrust" "10.1.10.0/24" 10.1.10.0 255.255.255.0
set ike gateway "TO_HQ" address x.x.x.117 Main outgoing-interface "ethernet0/0" preshare "xxxx" set vpn "HQ_VPN" gateway "TO_HQ" no-replay tunnel idletime 0 sec-level standard
set vpn "HQ_VPN" id 0x3 bind interface tunnel.1
unset interface tunnel.1 acvpn-dynamic-routing
set policy id 11 from "Untrust" to "Trust" "10.1.10.0/24" "Any" "ANY" permit
set policy id 11
set route 10.1.10.0/24 interface tunnel.1 gateway 10.1.10.1 permanent
SRX - router
set interfaces st0.0 family inet
set routing-options static route 172.16.0.0/20 next-hop st0.0
set security zones security-zone vpn interfaces st0.0
set security zones security-zone untrust host-inbound-traffic system-services ike
set security zones security-zone trust address-book address net-cfgr_10-1-10-0--24 10.1.10.0/24
set security zones security-zone vpn address-book address net-cfgr_172-16-0-0--20 172.16.0.0/20
set security ike policy ike-policy-cfgr mode main
set security ike policy ike-policy-cfgr proposal-set standard
set security ike policy ike-policy-cfgr pre-shared-key ascii-text "xxxx"
set security ike gateway ike-gate-cfgr ike-policy ike-policy-cfgr
set security ike gateway ike-gate-cfgr address x.x.x.138
set security ike gateway ike-gate-cfgr external-interface fe-0/0/0
set security ike gateway ike-gate-cfgr version v1-only
set security ipsec policy ipsec-policy-cfgr proposal-set standard
set security ipsec vpn ipsec-vpn-cfgr ike gateway ike-gate-cfgr
set security ipsec vpn ipsec-vpn-cfgr ike ipsec-policy ipsec-policy-cfgr
set security ipsec vpn ipsec-vpn-cfgr bind-interface st0.0
set security ipsec vpn ipsec-vpn-cfgr establish-tunnels on-traffic
set security policies from-zone trust to-zone vpn policy trust-vpn-cfgr match source-address net-cfgr_10-1-10-0--24
set security policies from-zone trust to-zone vpn policy trust-vpn-cfgr match destination-address net-cfgr_172-16-0-0--20
set security policies from-zone trust to-zone vpn policy trust-vpn-cfgr match application any
set security policies from-zone trust to-zone vpn policy trust-vpn-cfgr then permit
set security policies from-zone vpn to-zone trust policy vpn-trust-cfgr match source-address net-cfgr_172-16-0-0--20
set security policies from-zone vpn to-zone trust policy vpn-trust-cfgr match destination-address net-cfgr_10-1-10-0--24
set security policies from-zone vpn to-zone trust policy vpn-trust-cfgr match application any
set security policies from-zone vpn to-zone trust policy vpn-trust-cfgr then permit