ScreenOS Firewalls (NOT SRX)
Reply
Contributor
Okunz
Posts: 22
Registered: ‎07-05-2011
0

VPN up, but not passing traffic between the two sites. (SSG-5)

Hello,

 

I configured VPN between two sites. The purpose is for a remote site to access the mail server located at the head office. The set up worked initially as they were able to access the mail servers but it stopped working after sometime (later that day). I didn't make any notable changes on the firewalls on both ends so I am quite puzzled.

 

It's a route based VPN. The tunnel is up but isn't passing traffic. I can't ping the local subnets of the remote sites from either sites again. What could be the issue here? Thanks.

 

 

Contributor
Okunz
Posts: 22
Registered: ‎07-05-2011
0

Re: VPN up, but not passing traffic between the two sites. (SSG-5)

I have to add that on the event log, I can see the message below;

 

IKE 41.75.201.238 Phase 1: Retransmission limit has been reached.

 


Trusted Contributor
Stac Polaidh
Posts: 90
Registered: ‎01-24-2012
0

Re: VPN up, but not passing traffic between the two sites. (SSG-5)

Hi,

 

Did you go through http://kb.juniper.net/InfoCenter/index?page=content&id=KB9349?

If you feel you made no changes then point 5 maybe significant.

Pier
Network and telephony support engineer
JNCIA-FWV, CCNP Voice, CCNA
Contributor
Okunz
Posts: 22
Registered: ‎07-05-2011
0

Re: VPN up, but not passing traffic between the two sites. (SSG-5)

Hi,

 

Thanks for the response.

 

I have gone through the article. There is no router/firewall that is blocking IPSec traffic on the network.

 

I can ping the firewall at the remote site from the head office. But can't ping any of the work stations in the LAN at the remote office.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.