Hi
I am trying to setup a VPN between our Juniper SSG20-WLAN and a client's Zyxel VMG8324-B10A. I have used the following settings on both ends:
IKEv1
Preshared Key
Local ID = IP of local router
Remote ID = IP of remote router
ESP, 3DES, SHA1
Replay Protection enabled - Juniper end
Rekey enabled - Juniper end
At one point I was getting this error but it went away after I made sure the Local and Remote IDs matched on both ends:
2015-05-05 11:09:08 info IKE ZyxelExternalIP Phase 2 msg ID eea253a3: Negotiations have failed.
2015-05-05 11:09:08 info Rejected an IKE packet on ethernet0/0.1 from JuniperExternalIP:500 to ZyxelExternalIP:500 with cookies d0f7ce782ad4137d and cc36db7ceaad572e because The peer sent a proxy ID that did not match the one in the SA config.
2015-05-05 11:09:08 info IKE ZyxelExternalIP Phase 2: No policy exists for the proxy ID received: local ID (192.168.4.0/255.255.255.0, 0, 0) remote ID (10.1.1.0/255.255.255.0, 0, 0).
2015-05-05 11:09:08 info IKE ZyxelExternalIP Phase 2 msg ID eea253a3: Responded to the peer's first message.
2015-05-05 11:09:01 info IKE ZyxelExternalIP Phase 2: Initiated negotiations.
2015-05-05 11:09:01 info IKE ZyxelExternalIP Phase 1: Completed Main mode negotiations with a 28800-second lifetime.
2015-05-05 11:09:01 info IKE ZyxelExternalIP phase 1:The symmetric crypto key has been generated successfully.
2015-05-05 11:09:01 info IKEJuniperExternalIP ZyxelExternalIP Phase 1: Initiated negotiations in main mode.
I have been through a variety of different errors in the Juniper log, but the current one is:
2015-05-05 11:21:41 info IKEJuniperExternalIP ZyxelExternalIP Phase 1: Initiated negotiations in main mode.
2015-05-05 11:20:59 info IKE ZyxelExternalIP Phase 1: Retransmission limit has been reached.
Note I have replaced the external IPs with JuniperExternalIP and ZyxelExternalIP for clarity. Does anyone have any tips to get this VPN tunnel up?