[VPN] Netscreen 5 Problems - P2 Proxy ID

Tom McHugh TomM at spectrum-systems.com
Fri Oct 11 14:55:20 EDT 2002


Debug info from the NetScreen-5 would help, too.  You can get it and save it
to a file from the WebUI: Log -> Event 
or from the CLI: 'get log event' (and then cut&paste)

Without that, though, you might want to check that your policy on the NS-5
matches precisely with your NetScreen-Remote config.  If you have allowed
access to the whole subnet on one side, but only a single IP on the other,
the VPN will fail at about the point your NetScreen-Remote did.

Tom McHugh, Senior Systems Engineer
mailto:tomm at spectrum-systems.com

Spectrum Systems, Inc.
"Today's Technology--Solutions for Tomorrow"

11320 Random Hills Road, Suite 630
Fairfax, VA 22030-6001
703-591-7400 x218
703-591-9780 (Fax)
http://www.spectrum-systems.com/



> -----Original Message-----
> From: osmond at holburn.com [mailto:osmond at holburn.com]
> Sent: Thursday, October 10, 2002 10:40 AM
> To: vpn at lists.shmoo.com
> Subject: [VPN] Netscreen 5 Problems - P2 Proxy ID
> 
> 
> Thanks for all the help people suggested. I've changed clients to a
> Netscreen 7 client to try and connect to my Netscreen 5xp.
>
> Now I can get past phase 1, but not 2. I've run the debug on the netscreen
> and come up with this:
>
> (IP addresses have been replaced with fictional addresses)
> 
> Anyone have any ideas why this isn't working? 
> 
> ##2002-10-10 09:36:19 system-debugging: *done(52b14476)
> ##2002-10-10 09:36:19 system-debugging: IKE <168.64.2.28> Phase 2 msg-id <52b14476>: Responded to the first peer message.
> ##2002-10-10 09:36:19 system-debugging: Resonder not set commit bit on 2nd QM.
> ##2002-10-10 09:36:19 system-debugging: Decrypting payload (length 264)
> ##2002-10-10 09:36:19 system-debugging:   validate(264): 8/24 1/76 10/100 4/232 5/244 5/260
> ##2002-10-10 09:36:19 system-debugging:     Receiving <--
> ##2002-10-10 09:36:19 system-debugging: Payload: Hash Security_Assoc Nonce Key_Exchange Identification Identification
> ##2002-10-10 09:36:19 system-debugging: extract(264):
> ##2002-10-10 09:36:19 system-debugging: Error: No phase 2 proxy id from peer 168.64.2.28, message_id<52b14476>.
> ##2002-10-10 09:36:19 system-debugging: oakley_process_quick_mode():exit
> ##2002-10-10 09:36:19 system-debugging: IKE <168.64.2.28> Phase 2 msg-id <52b14476>: Negotiations have failed.
> ##2002-10-10 09:36:19 system-debugging:   Delete conn entry...
> ##2002-10-10 09:36:19 system-debugging: found(52b14476)
> 
> 
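
The check suggested in the reply above (the NS-5 policy and the NetScreen-Remote config must match precisely), written out as an added example; it is not part of the original messages and not NetScreen tooling. The `ProxyID` class, the function name and all addresses are constructed for illustration, and exact-match comparison is assumed because that is what the reply describes.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ProxyID:
    """Phase 2 selectors as configured on one endpoint (hypothetical model)."""
    local: str   # network this endpoint protects
    remote: str  # network it expects behind the peer


def _net(value):
    # A bare address such as "10.1.1.5" becomes a /32 network.
    return ipaddress.ip_network(value, strict=False)


def proxy_id_mismatches(gateway, client):
    """Return a list of problems; an empty list means the two sides mirror each other."""
    problems = []
    pairs = (
        ("gateway local vs client remote", gateway.local, client.remote),
        ("gateway remote vs client local", gateway.remote, client.local),
    )
    for label, ours, theirs in pairs:
        a, b = _net(ours), _net(theirs)
        if a == b:
            continue
        # Overlapping but unequal selectors are the "whole subnet on one
        # side, single IP on the other" case described in the reply.
        if a.version == b.version and (a.subnet_of(b) or b.subnet_of(a)):
            problems.append(f"{label}: {a} and {b} overlap but are not identical")
        else:
            problems.append(f"{label}: {a} and {b} do not match")
    return problems


# Constructed sample values: gateway policy covers the whole subnet,
# client is configured for a single host behind the gateway.
GATEWAY = ProxyID(local="10.1.1.0/24", remote="192.168.50.10/32")
CLIENT_BROKEN = ProxyID(local="192.168.50.10", remote="10.1.1.5")
CLIENT_FIXED = ProxyID(local="192.168.50.10", remote="10.1.1.0/24")

if __name__ == "__main__":
    for name, client in (("broken", CLIENT_BROKEN), ("fixed", CLIENT_FIXED)):
        issues = proxy_id_mismatches(GATEWAY, client)
        print(name, "->", issues or "selectors mirror each other")
```
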


