SRX

Hi, 

           We have 2 SSG5 routers in Site A and Site B,  we have added one more router at Site C (SRX210HPOE) ,  site-site vpn tunnle working fine b/w Site A and SiteB. But now we have to confiure site-site tunnel between Site C to Site A and Site B to Site A , 

         Site C (SRXRouter) to Site A(SSG5) configuration went fine and ablt to reach network vise-versa but form SiteB to SiteC giveing erros , 

Aug 27 03:04:58 KMD_PM_P2_POLICY_LOOKUP_FAILURE: Policy lookup for Phase-2 [responder] failed for p1_local=ipv4(udp:0,[0..3]=x.x.x.x) p1_remote=ipv4(udp:500,[0..3]=xd.x.x.x) p2_local=ipv4_subnet(any:0,[0..7]=0.0.0.0/0) p2_remote=ipv4_subnet(any:0,[0..7]=0.0.0.0/0)

Site C SRX toSite A SSG5 route based vpn , workign fine with standard proposal

Site C SRX to Site B SSG5 route base vpn  , giving erros with same standard proposal

            I Need to be worked sit-ste site tunnel betwee Site C(SRX) to Site A(SSG5)  & Site B (SSG5)

Attachment(s)

srx_configuration_mail.txt   7 KB 1 version

ike-logs.txt   10 KB 1 version

Hello,

st1.0 is not a valid tunnel number.

I think supported range is st0.0 to st0.16385.

Can you change the tunnel interface for other tunnel to st0.2?

Regards,

Rushi

Hi , can you please tell me  how to change existing st1.0 to st0.2 ?  and bind  too , set command will change modifigications or will create new one ?

Hello,

Can you try below commands:

delete security ipsec vpn ike-india-corp-vpn bind-interface st1.0
delete security zones security-zone vpn.hyd interface st1.0
delete routing-options static route 192.168.2.0/24 next-hop st1.0
delete interface st1.0

set interface st0.2 family inet address 11.11.11.10/24
set routing-options static route 192.168.2.0/24 next-hop st0.2
set security zones security-zone vpn.hyd interface st0.2
set security ipsec vpn ike-india-corp-vpn bind-interface st0.2

commit

Regards,

Rushi

Thnx VPN is up now , but i am not able to ping remote address ?