Skip to content

Support Knowledge Base>Submit Feedback

Customer Support Center

PKI: Phase 1 Negotiations Fail - Cannot match Policy entry for received Phase 1 ID (KB ID: KB5514)

Article ID: KB5514
Former Article ID: nskb1227
Published: Dec 06, 2006
Last Modified: Dec 06, 2006
Visible By: Employee, PTAC, Partner, Customer, Public

Back to Previous Page | Knowledge Base Home

Article URL

http://kb.juniper.net/KB5514

Synopsis

PKI: Phase 1 Negotiations Fail - Cannot match Policy entry for received Phase 1 ID

Problem

Environment:
  • NetScreen Remote log viewer recognizes FQDN from the NetScreen gateway
  • Received ID Domain = ns100.netscreen.com
  • NetScreen gateway configured with domain name
  • NetScreen Remote has Gateway IP address specified
  • Dial Up VPN using PKI Certificates
  • Phase 1 proposals match
 
Symptoms & Errors:
  • VPN not working
  • Log Viewer Message: Cannot match Policy entry for received Phase 1 ID

Solution

The problem is because the Domain Name is not specified in NetScreen-Remote
 
In the Connect using Secure Gateway Tunnel section of NetScreen-Remote, make sure there is a Domain Name specified, along with the Gateway IP address.  Both need to be filled in.  If only one of the two is configured, Phase 1 will fail.
 

Category Description

By Product » Software » Network Operating Systems » ScreenOS Software
By Product » Software » VPN Clients
By Network Technology » IP Protocols » Tunneling Protocols

Purpose

Troubleshooting

Related Articles


Related Links


Related Files