Hi friends,
I have a NetScreen ISG 1000, and I have configured a VPN to a Cisco behind a NAT device. On the NetScreen I have created a MIP on the Untrust interface, 10.180.27.129/32, mapped to the inside IP, 192.168.2.189/32.
I created P1 and P2 proposals, a gateway towards the remote gateway, type (static) 202.46.211.45, and IKE to the gateway,
and created a policy.
Encryption 3DES
Authentication MD5
Diffie-Hellman Group 2
Preshared Key ex:123456
LifeTime (sec) 86400
Mode Main
Type ESP
Encryption 3DES
Authentication MD5
Compression None
LifeTime (sec) 28800 Sec
PFS Disable
untrust to trust source 192.168.40.124/32 dest MIP(10.180.27.129) action permit
trust to untrust source 192.168.2.189/32 Dest MIP(10.180.27.129) action permit
When a packet is initiated from the remote site, I am getting error logs,
that is:
Rejected an IKE packet on ethernet2/4 from 202.46.211.45:500 to 89.211.35.2:500 with cookies fa79bb8d84d89a63 and 72edf3c7138f8eed because the VPN does not have an application SA configured.
IKE<202.46.211.25> Phase 2: No policy exists for the proxy ID received: local ID (<10.180.27.129>/<255.255.255.255>, <0>, <0>) remote ID (<192.168.40.124>/<255.255.255.255>, <0>, <0>).
IKE<202.46.211.45> Phase 2 msg ID <80ca7f03>: Responded to the peer's first message.
IKE<202.46.211.45> Phase 2 msg ID <80ca7f03>: Negotiations have failed.
I am attaching the diagram also.
Thanks and regards,
Rakesh Hari
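
Added example (not part of the original post): a Python check that parses the "No policy exists for the proxy ID received" line quoted above and compares the received local/remote IDs with the address pairs of the two policies as the post lists them. The function names and the direction mapping (for an untrust-to-trust policy, source = remote ID and destination = local ID; reversed for trust-to-untrust) are assumptions of this example.

```python
import ipaddress
import re

# Log line copied verbatim from the post.
LOG = ("IKE<202.46.211.25> Phase 2: No policy exists for the proxy ID received: "
       "local ID (<10.180.27.129>/<255.255.255.255>, <0>, <0>) "
       "remote ID (<192.168.40.124>/<255.255.255.255>, <0>, <0>).")

# Policies as the post describes them: (from_zone, to_zone, source, destination).
POLICIES = [
    ("untrust", "trust", "192.168.40.124/32", "10.180.27.129/32"),
    ("trust", "untrust", "192.168.2.189/32", "10.180.27.129/32"),
]

ID_PART = r"\(<(?P<{0}ip>[\d.]+)>/<(?P<{0}mask>[\d.]+)>, <\d+>, <\d+>\)"
PROXY_RE = re.compile(
    r"IKE<(?P<peer>[\d.]+)> Phase 2: No policy exists for the proxy ID received: "
    r"local ID " + ID_PART.format("l") + r" remote ID " + ID_PART.format("r"))


def parse_proxy_id(line):
    """Return peer, local and remote networks from a proxy-ID rejection line."""
    m = PROXY_RE.search(line)
    if not m:
        return None
    return {
        "peer": m["peer"],
        "local": ipaddress.ip_network(f"{m['lip']}/{m['lmask']}"),
        "remote": ipaddress.ip_network(f"{m['rip']}/{m['rmask']}"),
    }


def compare(proxy, policies):
    """For each policy, report whether its address pair mirrors the proxy ID."""
    results = []
    for from_zone, to_zone, src, dst in policies:
        src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        # Assumed mapping: inbound policy -> (local=dst, remote=src); outbound reversed.
        expected = (dst, src) if from_zone == "untrust" else (src, dst)
        match = expected == (proxy["local"], proxy["remote"])
        results.append((from_zone, to_zone, match))
    return results


if __name__ == "__main__":
    proxy = parse_proxy_id(LOG)
    print("peer in log line:", proxy["peer"])
    for from_zone, to_zone, match in compare(proxy, POLICIES):
        print(f"{from_zone} -> {to_zone}: {'mirrors' if match else 'does not mirror'} proxy ID")
```

On the post's values, only the untrust-to-trust address pair mirrors the received proxy ID; the trust-to-untrust pair (192.168.2.189/32 to 10.180.27.129/32) does not.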