Is the VPN Gateway Configured to Use the Correct Outgoing Interface?
Knowledge Base ID: KB4409
Version: 4.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: Firewall/IPSec_VPN, IPSec, ScreenOS

Synopsis:
How to determine whether the VPN Gateway is configured with the correct Outgoing Interface.

Problem:

Solution:

Note: This article applies to ScreenOS 5.0 and higher.

To check that the Outgoing Interface configured for the VPN Gateway (phase 1) matches the interface used by the default route, perform the following steps:

1. Open the WebUI. For more information on accessing the WebUI, go to KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI.

2. From the Juniper Firewall WebUI menu, select VPNs, AutoKey Advanced, then Gateway.

3. Locate the Gateway, and then click Edit.

4. Examine the Outgoing Interface field, located towards the bottom of the screen, and make note of which interface is designated.

5. View the Route Table by clicking on Network > Routing > Destination. Look for the default outgoing static route; it is the route with 0.0.0.0/0 in the IP/Netmask field. Note the interface used by the default route. In most cases, the VPN Gateway should use this same interface.

Is this the same interface as that listed as the Outgoing Interface in Step 4?

Yes - Then the Outgoing Interface in the Gateway is configured correctly. Go to Step 8 in KB9217 - How to Troubleshoot a Site-to-Site VPN That Won't Come Up and there are No Messages In the Event Logs.

No - A new Gateway will have to be created using the correct outgoing interface.  You cannot change the Outgoing Interface once the Gateway has been completed.
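
The same comparison can be run offline against a saved configuration file when a device has many gateways. The following is an added example, not part of the original article or Juniper code. It assumes the saved configuration contains lines of the form `set ike gateway ... outgoing-interface ...` and `set route 0.0.0.0/0 interface ...`; the sample configuration, gateway names and addresses are constructed for illustration.

```python
import re

# Constructed sample in the style of a saved ScreenOS configuration; the
# gateway names, addresses and interfaces are invented for illustration.
SAMPLE_CONFIG = '''\
set interface ethernet0/0 ip 203.0.113.2/30
set ike gateway "gw-branch" address 198.51.100.10 Main outgoing-interface "ethernet0/0" preshare "REDACTED" proposal "pre-g2-3des-sha"
set ike gateway "gw-partner" address 198.51.100.77 Main outgoing-interface "ethernet0/2" preshare "REDACTED" proposal "pre-g2-aes128-sha"
set vrouter "trust-vr"
set route 10.20.0.0/16 interface tunnel.1
set route 0.0.0.0/0 interface ethernet0/0 gateway 203.0.113.1
exit
'''

# Assumed line formats: names may be quoted (and contain spaces) or bare.
GATEWAY_RE = re.compile(
    r'^set ike gateway (?P<name>"[^"]+"|\S+)\s.*?'
    r'outgoing-interface (?P<ifc>"[^"]+"|\S+)')
DEFAULT_ROUTE_RE = re.compile(
    r'^set route 0\.0\.0\.0/0 interface (?P<ifc>"[^"]+"|\S+)')


def parse_config(text):
    """Return ({gateway: outgoing interface}, [default-route interfaces])."""
    gateways, default_ifcs = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = GATEWAY_RE.match(line)
        if m:
            gateways[m.group("name").strip('"')] = m.group("ifc").strip('"')
            continue
        m = DEFAULT_ROUTE_RE.match(line)
        if m and m.group("ifc").strip('"') not in default_ifcs:
            default_ifcs.append(m.group("ifc").strip('"'))
    return gateways, default_ifcs


def check_outgoing_interfaces(text):
    """Map each gateway to True if it uses a default-route interface."""
    gateways, default_ifcs = parse_config(text)
    if not default_ifcs:
        # Nothing to compare against: fall back to the manual check in Step 5.
        raise ValueError("no 0.0.0.0/0 route with an interface found")
    return {name: ifc in default_ifcs for name, ifc in gateways.items()}


if __name__ == "__main__":
    for name, ok in check_outgoing_interfaces(SAMPLE_CONFIG).items():
        print(f"{name}: {'matches default route' if ok else 'MISMATCH, review'}")
```

A reported mismatch is a prompt to review the Gateway rather than proof of an error, since the article states only that the Gateway should use the default route's interface in most cases.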

Purpose:
Configuration