Netscreen-10 and 5GT peer VPN

[How to run the NSM GUI under Mac OS X]

How to run the NSM GUI under Mac OS X
How to setup a route-based VPN on a NetScreen
How to make your PPTP VPN client work through a NetScreen/SSG
Setting up a dial-up VPN and NetScreen Remote
How the Global Zone Works (It's probably not what you think)
How to configure NetScreen/SSG devices to work with the built in Mac OS X VPN client
How to Configure Dial-up VPN with route-based tunnels, XAuth, and use IPSecuritas

[lil_tud]

Hi All

I'm a bit of a newbie to Netscreen VPN's, I have inherited a network with some 5GT's with peer VPN's already configured and working between sites, and I am trying to add an additional site with a Netscreen-10 connecting to a 5GT with a peer to peer vpn, I have found a few sites with details on getting peer vpns working with 5GT and similar devices taking, so with  the combination of looking at my existing setup and reading the doco I think I have the 5GT end set up correctly, but where I am stick is with the Netscreen-10 I don't seem to be able to bind the phase 2 to a Tunnel interface (or create one for that matter)

can anyone point me in the direction of some doco on peer VPN's with netscreen-10's or any of the older sceen-os netscreens.

I know this sounds vague, but any help is appreciated

Cheers

[lil_tud]

it seems that phase 2 negotiations aren't working, the even't log below form the 5GT may help with some more info?

2010-03-10 11:14:48   info   IKE<xxx.xxx.xxx.xxx>: Received a notification message for DOI <1> <16> <PAYLOAD_MALFORMED>.
2010-03-10 11:14:48   info   IKE<xxx.xxx.xxx.xxx> Phase 2: Received a message but did not check a policy because id-mode was set to IP or policy-checking was disabled.
2010-03-10 11:14:48   info   IKE<xxx.xxx.xxx.xxx> Phase 2 msg ID <311a304b>: Responded to the peer's first message.
2010-03-10 11:14:44   info   IKE<xxx.xxx.xxx.xxx2>: Received a notification message for DOI <1> <16> <PAYLOAD_MALFORMED>.
2010-03-10 11:14:44   info   IKE<xxx.xxx.xxx.xxx> Phase 2: Received a message but did not check a policy because id-mode was set to IP or policy-checking was disabled.
2010-03-10 11:14:44   info   IKE<xxx.xxx.xxx.xxx> Phase 2 msg ID <311a304b>: Responded to the peer's first message.
2010-03-10 11:14:40   info   IKE<xxx.xxx.xxx.xxx>: Received a notification message for DOI <1> <16> <PAYLOAD_MALFORMED>.
2010-03-10 11:14:40   info   IKE<xxx.xxx.xxx.xxx> Phase 2: Received a message but did not check a policy because id-mode was set to IP or policy-checking was disabled.
2010-03-10 11:14:40   info   IKE<xxx.xxx.xxx.xxx> Phase 2 msg ID <311a304b>: Responded to the peer's first message.
2010-03-10 11:14:36   info   IKE<xxx.xxx.xxx.xxx>: Received a notification message for DOI <1> <16> <PAYLOAD_MALFORMED>.
2010-03-10 11:14:36   info   IKE<xxx.xxx.xxx.xxx> Phase 2: Received a message but did not check a policy because id-mode was set to IP or policy-checking was disabled.
2010-03-10 11:14:36   info   IKE<xxx.xxx.xxx.xxx> Phase 2 msg ID <311a304b>: Responded to the peer's first message.
2010-03-10 11:14:32   info   IKE<xxx.xxx.xxx.xxx>: Received a notification message for DOI <1> <16> <PAYLOAD_MALFORMED>.
2010-03-10 11:14:32   info   IKE<xxx.xxx.xxx.xxx> Phase 2: Received a message but did not check a policy because id-mode was set to IP or policy-checking was disabled.
2010-03-10 11:14:32   info   IKE<xxx.xxx.xxx.xxx> Phase 2 msg ID <311a304b>: Responded to the peer's first message.
2010-03-10 11:14:30   info   IKE<xxx.xxx.xxx.xxx> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime.
2010-03-10 11:14:28   info   IKE<xxx.xxx.xxx.xxx> Phase 1: Responder starts AGGRESSIVE mode negotiations.


Does this help for any suggestions?

Cheers

•      Forum/Home
•      Store
•      Articles
•        Tech Articles
•        Industry News
•        Site News
•      Knowledgebase
•        JUNOS/Routing
•        NS/ISG/SSG/NSM
•        SSL VPN
•      Downloads

Please consider donating if we've saved you time or money. It helps pay for the bandwidth, equipment, and hosting charges to keep this site running

Submit Article/KB - Do not submit questions here.

[Today]

• www.nikeaaashoes.com.cn s... by kelly110 [Today at 01:58:21 PM]
• www. nikeaaashoes.com.cn ... by kelly110 [Today at 01:55:29 PM]
• www. nikeaaashoes.com.cn ... by kelly110 [Today at 01:53:25 PM]
• www. nikeaaashoes.com.cn ... by kelly110 [Today at 01:52:19 PM]
• www.nikeaaashoes.com.cn s... by kelly110 [Today at 01:49:14 PM]
• www.nikeaaashoes.com.cn s... by kelly110 [Today at 01:42:22 PM]
• www. nikeaaashoes.com.cn ... by kelly110 [Today at 01:23:43 PM]
• www. nikeaaashoes.com.cn ... by kelly110 [Today at 01:21:58 PM]
• www.holesale shoes clothe... by kelly110 [Today at 01:21:15 PM]
• www. nikeaaashoes.com.cn ... by kelly110 [Today at 01:20:08 PM]

Members

• Total Members: 22551
• Latest: barneb01

Stats

• Total Posts: 40719
• Total Topics: 11389
• Online Today: 82
• Online Ever: 393
• (August 06, 2008, 07:40:57 AM)

Users Online

Users: 0
Guests: 58
Total: 58