Text Size:        

• Ask the KB
• Find answers in our KB
  
  Example: "Configure BGP"
  
• KB Article Feedback
• This article was easy to understand:

  Strongly Agree
  Agree
  Neutral
  Disagree
  Strongly Disagree
  

  This article was complete and accurate:

  Strongly Agree
  Agree
  Neutral
  Disagree
  Strongly Disagree
  

  How best can we improve this article?:

  
  

  What is your overall rating on this article?:

  Excellent
  Good
  Neutral
  Poor
  Very Poor
  

How to troubleshoot a Dial-Up VPN that won't come up and there are no messages in the Kmd Log in JUNOS-ES. (KB ID: KB10102)

Back to Previous Page | Knowledge Base Home

Article URL

http://kb.juniper.net/KB10102

Synopsis

This article addresses troubleshooting a NetScreen-Remote (NSR) VPN Client that can't connect to the JUNOS Enhanced Services (JUNOS-ES) VPN device, and there are no messages in the NSR Log Viewer.

Problem

When trying to set up a Dial-Up VPN using the NetScreen-Remote VPN Client, it does not come active and it is not showing any IKE Phase 1 or Phase 2 messages in the Log Viewer of the NSR Client.

Solution

To view the flowchart for the steps listed below, select:  KB10102 Flowchart

Follow the steps in order until either the issue is resolved or a case is opened with the Juniper Technical Assistance Group:

 Are you using the latest version of NetScreen-Remote? Consult: KB6161 - Determining the version of NetScreen-Remote

• Yes - Continue with Step 2
• No   - In most cases, it is recommended to run the latest version of NetScreen-Remote Client. Please consult the Release Notes for the latest version to determine if an upgrade is possible. Release Notes are located at: NetScreen-Remote Technical Documentation 

 Is the NetScreen-Remote installed on a supported platform?  For assistance, see KB8343 - Which version of Windows will support the NetScreen-Remote client? .

• Yes - Continue with Step 3
• No   - Install the NetScreen-Remote VPN Client software on a PC that is using one of the approved operating systems.

 Is there something on the NetScreen-Remote Client PC or at the NetScreen-Remote Client site that is blocking VPN packets?  See KB7282 - Is IPSec traffic Being Blocked?

• Yes - Clear whatever is blocking IPSec and try establishing the tunnel again. 
• No   - Continue with Step 4

 Is the NetScreen-Remote VPN Client Active?  For assistance, see KB5695 - How to disable or enable the NetScreen-Remote (NetScreen-Remote) VPN Client?

• Yes - Continue with Step 5
• No   - Activate the NetScreen-Remote Client and try establishing the tunnel again. 

 Is the Security Policy configured to "Only Connect Manually"?  For assistance, see KB9510 - Does “Only Connect Manually” need to be configured in the Juniper NetScreen-Remote Client?

• Yes - You must manually connect before traffic will be allowed to the local LAN on the other side of the tunnel.  To connect manually, refer to KB9510
• No   -  Continue with Step 6

 Are there IKE Phase 1 or Phase 2 messages (corresponding with this Dial-up VPN) in the Firewall's Kmd Logs?  For assistance, see KB10097 - How do I find the VPN entry in the Kmd Log?

• Yes - see KB10089 - How to Troubleshoot a Dial-Up VPN that will not come active
• No   - Continue with Step 7

 If the VPN connection is still not working, reboot the PC again. JTAC has found that a second reboot is occasionally required after the installation or upgrade of NSR. 

• If rebooting the PC did not resolve the problem continue with Step 8

 Does the same NetScreen-Remote configuration (SPD file) work on another PC?  (Use File > Export Security File to export the SPD from your PC, and use File > Import Security File to import the SPD file on another PC.)

• Yes - The problem has been isolated to an issue on the original PC or the original PC's network environment.  Compare the differences between the two and make the appropriate changes.  
• No  - Continue with Step 9

 Collect the NetScreen-Remote logs and open a case by either calling in to Juniper Networks Technical Assistance Center at 888-314-JTAC (5822) or login to the Case Management tool via the Juniper support site at: Case Management and click on the "Create a Case" link.

• For assistance with collecting log information, see KB10103 - What information should  be collected for a Dial-Up VPN that won't come up?

Category Description

By Product » Software » Network Operating Systems » JUNOS-ES Software
By Product » Hardware » Routers » J-series » J2350
By Product » Hardware » Routers » J-series » J2320
By Product » Hardware » Routers » J-series » J6350
By Product » Hardware » Routers » J-series » J4350

Purpose

Troubleshooting

Related Articles

Related Links

Related Files