Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Rejected an IKE packet because an initial Phase 1 packet arrived from an unrecognized peer gateway.

    Posted 09-24-2010 10:50

    I have try to setup remote access VPN on our SSG 20 (Firmware Version:  6.1.0r2.0 (Firewall+VPN)

    I follow the setup guide step by step but still get the above errors.

    I have checked the IKE Identity, outgoing interface and Preshared key.

    They are all the same.

    Please help. Thanks a lot.

    By the way, it looks like I can not debug as I login shows only the following command:

    clear                clear dynamic system info
    delete               delete persistent info in flash
    exec                 exec system commands
    exit                 exit command console
    get                  get system information
    mtrace               multicast traceroute from source to destination
    ping                 ping other host
    reset                reset system
    save                 save command
    set                  configure system parameters
    trace-route          trace route
    unset                unconfigure system parameters



  • 2.  RE: Rejected an IKE packet because an initial Phase 1 packet arrived from an unrecognized peer gateway.

    Posted 09-24-2010 12:33

    First - debug does not show up when you do a CLI show command.

     

    Key commands for debugging IKE are:

     

    debug ike detail (turns on debug for ike)

    clear db (clears out the debug buffers)

    get db str (displays current buffer values

     

    This forum entry has even more detail on debug:

    http://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/Troubleshooting-Tips-Debug-commands/td-p/6203

     

    Second - There are a bunch of reasons for this error. If you search the Juniper KB for that error you will get quite a few hits. Here is a very good KB article that will point out the most common problems:

     

    http://kb.juniper.net/index?page=content&id=KB9238&actp=search&searchid=1285356435688

     

    Hope that helps you get started in troubleshooting. I actually am just writing a bunch of documentation on NSRemote access for a client and can't tell you how many times I get this error as I document various setup scenarios and use the wroing ID type on one side or the incorrect interface or select certificate when I meant preshare.........

     



  • 3.  RE: Rejected an IKE packet because an initial Phase 1 packet arrived from an unrecognized peer gateway.

    Posted 11-28-2014 05:43

    i have found it - i have to set on Firewall to Agressive



  • 4.  RE: Rejected an IKE packet because an initial Phase 1 packet arrived from an unrecognized peer gateway.

    Posted 05-21-2015 14:48

    I had same problem while using NCP Client. Turned out to be an issue on my ISP's end. Different location proved successful.