SRX Services Gateway
SRX Services Gateway

VPN Policy error

‎12-08-2011 06:41 AM

I'm trying to set up VPN on my SRX240. The error I'm getting is 

 

[edit security policies from-zone untrust to-zone trust]
   'policy vpn-in'
      IPSec VPN ProxyId check failed for this policy
[edit security policies from-zone untrust to-zone trust]
   'policy vpn-in'
      Internal error: policy VPN verification failed.
error: configuration check-out failed

 

Here is the stanza. Let me know if you need any other information to help troubleshoot this.

 

 

match {
   source-address any;
   destination-address any;
   application any;
}
then {
   permit {
      tunnel {
      ipsec-vpn dyn-vpn;
      }
   }
   count;
}

5 REPLIES 5
SRX Services Gateway

Re: VPN Policy error

‎12-09-2011 07:49 PM
can you post complete config ...
Hafiz Muhammad Farooq
JNCIE-SEC, JNCIP-SEC, JNCIS-SEC, JNCIS-FWV
JNCIS-SP, JNCIS-SA, JNCIA-JUNOS
IBM Qradar Deployment Professional

[Please mark it as Accepted Solution if it works, Kudos if you like]

SRX Services Gateway

Re: VPN Policy error

[ Edited ]
‎02-05-2012 10:09 AM

Make sure that Proxy Id parameter is not defined under Phase2 Configuration as with policy based VPN the proxy ID will be derived form the policy it self

 

**************  Click on the button saying " Accept  as Solution"  if  My Post solved your problem  **************

 

SRX Services Gateway

Re: VPN Policy error

‎09-24-2012 07:16 AM

Resurecting this old thread because it's the only google hit for this error.

 

I had the same error for a site to site policy vpn and the cause was a typo in the pair-policy. Therefore it was refering to a pair-policy that did not exist. The error given was less than helpful in pointing towards the root cause.

SRX Services Gateway

Re: VPN Policy error

‎11-11-2013 10:34 AM

You are absolutely correct, thanks for coming back and making the post, saved me a lot of time troubleshooting a typo Smiley Happy

SRX Services Gateway

Re: VPN Policy error

‎01-17-2019 04:00 PM

It can also be caused by duplicate policies.