Hi,
I have followed this document to establish a VPN connection between a Juniper SSG140 and an iOS device:
https://forums.juniper.net/jnet/attachments/jnet/Firewalls/30984/4/Apple%20VPN%20and%20Juniper%20ScreenOS.pdf
But I am stuck on:
2017-01-25 09:09:45 info Rejected an IKE packet on ethernet0/9 from a.b.c.d:500 to w.x.y.z:500 with cookies 1328d54ec3a99964 and 54bd7563665d5c93 because The peer sent a TS that did not match the one in the SA config.
2017-01-25 09:09:45 info IKE V2 w.x.y.z: Received a notification message for 16395 NOTIFY_MSG_NON_FIRST_FRAGMENTS_ALSO.
2017-01-25 09:09:45 info IKE V2 w.x.y.z: Received a notification message for 16394 NOTIFY_MSG_ESP_TFC_PADDING_NOT_SUPPORTED.
2017-01-25 09:09:45 info IKE w.x.y.z IKESA : Completed IKESA negotiations with IKE SA AUTH.
2017-01-25 09:09:45 info IKE w.x.y.z IKESA: Completed for user swissmom-ios-user.
2017-01-25 09:09:45 info IKE V2 w.x.y.z: Received a notification message for 16396 RESERVED TO IANA.
2017-01-25 09:09:45 info IKE V2 w.x.y.z: Received a notification message for 16384 NOTIFY_MSG_INITIAL_CONTACT.
2017-01-25 09:09:45 info IKE w.x.y.z CHILD SA with IKE SA INIT: Initiated negotiations.
2017-01-25 09:09:45 info IKE V2 w.x.y.z: Received a notification message for 16430 RESERVED TO IANA.
2017-01-25 09:09:45 info IKE V2 w.x.y.z: Received a notification message for 16389 NOTIFY_MSG_NAT_DETECTION_DESTINATION_IP.
2017-01-25 09:09:45 info IKE V2 w.x.y.z: Received a notification message for 16388 NOTIFY_MSG_NAT_DETECTION_SOURCE_IP.
2017-01-25 09:09:45 info IKE V2 w.x.y.z: Received a notification message for 16406 RESERVED TO IANA.
2017-01-25 09:09:45 info IKE w.x.y.z IKESA: Responder starts negotiations.
Can someone please explain to me what this message (The peer sent a TS that did not match the one in the SA config) means and how I can potentially fix it? From the log reference guide:
https://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_messages.pdf
on page 287 I can only see this explanation:
"The Traffic Sector (TS) payload (local and remote subnets protected by this tunnel) within the message was not consistent with the TS setting for this VPN configuration."
But what does it mean exactly for me? How can I check the local and remote subnets protected by my tunnel? Which settings?
Thanks,
Matthias
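
As an illustration of the check that the quoted log-reference text describes (an added example, not part of the original post and not Juniper's code): the sketch below compares the address ranges carried in a peer's TS payloads with the local and remote subnets configured for a tunnel, from the responder's point of view. The function names, the sample addresses and the two match policies (exact or subset) are assumptions; the page does not show how ScreenOS performs the comparison.

```python
import ipaddress

def ts_to_networks(start, end):
    """Collapse an IKEv2 traffic-selector address range into CIDR networks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(start), ipaddress.ip_address(end)))

def side_matches(ts_range, configured, exact):
    """Compare one TS range with one configured subnet.

    exact=True  : the range must be exactly the configured subnet
    exact=False : the range only has to fall inside the configured subnet
    (both policies are assumptions made for this illustration)
    """
    nets = ts_to_networks(*ts_range)
    cfg = ipaddress.ip_network(configured)
    if exact:
        return nets == [cfg]
    return all(n.subnet_of(cfg) for n in nets)

def check_ts(tsi, tsr, local_subnet, remote_subnet, exact=True):
    """Return the sides that do not match, as seen by the responder.

    TSi describes the initiator's side (the gateway's remote subnet),
    TSr describes the responder's side (the gateway's local subnet).
    """
    problems = []
    if not side_matches(tsi, remote_subnet, exact):
        problems.append("remote")
    if not side_matches(tsr, local_subnet, exact):
        problems.append("local")
    return problems

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not taken from the post.
    any_v4 = ("0.0.0.0", "255.255.255.255")
    host = ("198.51.100.10", "198.51.100.10")
    lan = ("192.0.2.0", "192.0.2.255")

    # Peer offers "any" on both sides, tunnel is configured for specific subnets.
    print(check_ts(any_v4, any_v4, "192.0.2.0/24", "198.51.100.10/32"))
    # Same offer against a tunnel configured for 0.0.0.0/0 on both sides.
    print(check_ts(any_v4, any_v4, "0.0.0.0/0", "0.0.0.0/0"))
    # A single host inside the configured remote subnet: subset policy vs exact policy.
    print(check_ts(host, lan, "192.0.2.0/24", "198.51.100.0/24", exact=False))
    print(check_ts(host, lan, "192.0.2.0/24", "198.51.100.0/24", exact=True))
```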