Hi forum,
First of all, I hope this is the correct forum for this matter. Now,
I'm trying to configure a VPN between a Juniper SSG5 (public dynamic IP address) and a Nortel Contivity (public static IP address) over the Internet.
I have created both LAN objects and configured all IP physical interfaces, the remote gateway, the firewall policy (action = tunnel, selecting the created tunnel) and the default route. I have chosen pre-g2-3des-md5 for Phase 1 (vpns>autokey advanced >gateway>advanced>Phase1 proposal), and "compatible" for Phase 2 (vpns>autoike>tunnel_name>advanced>Phase2proposal).
On the other peer (Nortel) I have configured a "responder" tunnel with 3des-md5-g2 IPsec parameters.
The tunnel is not coming up. The logs are showing the following messages.
SSG5: 'information:' 'IKE x.y.z.t Phase1: Retransmission limit has been reached' (x.y.z.t being the remote gateway)
Nortel: 'No proposal chosen. Diffie-hellman group mismatch in message from a.b.c.d'
It looks quite clear that the problem is a Phase 1 DH group misconfiguration on both peers, but I have configured DH2 on both peers!
I have also tried to configure the DH1 group and a Routing Based Policy VPN configuration, but I get the same error.
Thanks in advance for your collaboration.
Regards, forum.