09-24-2010 10:49 AM
I have try to setup remote access VPN on our SSG 20 (Firmware Version: 6.1.0r2.0 (Firewall+VPN)
I follow the setup guide step by step but still get the above errors.
I have checked the IKE Identity, outgoing interface and Preshared key.
They are all the same.
Please help. Thanks a lot.
By the way, it looks like I can not debug as I login shows only the following command:
clear clear dynamic system info
delete delete persistent info in flash
exec exec system commands
exit exit command console
get get system information
mtrace multicast traceroute from source to destination
ping ping other host
reset reset system
save save command
set configure system parameters
trace-route trace route
unset unconfigure system parameters
09-24-2010 12:33 PM
First - debug does not show up when you do a CLI show command.
Key commands for debugging IKE are:
debug ike detail (turns on debug for ike)
clear db (clears out the debug buffers)
get db str (displays current buffer values
This forum entry has even more detail on debug:
Second - There are a bunch of reasons for this error. If you search the Juniper KB for that error you will get quite a few hits. Here is a very good KB article that will point out the most common problems:
Hope that helps you get started in troubleshooting. I actually am just writing a bunch of documentation on NSRemote access for a client and can't tell you how many times I get this error as I document various setup scenarios and use the wroing ID type on one side or the incorrect interface or select certificate when I meant preshare.........