ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

VPN up, but not passing traffic between the two sites. (SSG-5)

02.07.12   |  
‎02-07-2012 01:14 AM

Hello,

 

I configured VPN between two sites. The purpose is for a remote site to access the mail server located at the head office. The set up worked initially as they were able to access the mail servers but it stopped working after sometime (later that day). I didn't make any notable changes on the firewalls on both ends so I am quite puzzled.

 

It's a route based VPN. The tunnel is up but isn't passing traffic. I can't ping the local subnets of the remote sites from either sites again. What could be the issue here? Thanks.

 

 

3 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: VPN up, but not passing traffic between the two sites. (SSG-5)

02.07.12   |  
‎02-07-2012 02:13 AM

I have to add that on the event log, I can see the message below;

 

IKE 41.75.201.238 Phase 1: Retransmission limit has been reached.

 


Highlighted
ScreenOS Firewalls (NOT SRX)

Re: VPN up, but not passing traffic between the two sites. (SSG-5)

02.07.12   |  
‎02-07-2012 02:52 AM

Hi,

 

Did you go through http://kb.juniper.net/InfoCenter/index?page=content&id=KB9349?

If you feel you made no changes then point 5 maybe significant.

Pier
Network and telephony support engineer
JNCIA-FWV, CCNP Voice, CCNA
ScreenOS Firewalls (NOT SRX)

Re: VPN up, but not passing traffic between the two sites. (SSG-5)

02.07.12   |  
‎02-07-2012 03:56 AM

Hi,

 

Thanks for the response.

 

I have gone through the article. There is no router/firewall that is blocking IPSec traffic on the network.

 

I can ping the firewall at the remote site from the head office. But can't ping any of the work stations in the LAN at the remote office.