Text Size:        

• Ask the KB
• Find answers in our KB
  
  Example: "Configure BGP"
  
• KB Article Feedback
• This article was easy to understand:

  Strongly Agree
  Agree
  Neutral
  Disagree
  Strongly Disagree
  

  This article was complete and accurate:

  Strongly Agree
  Agree
  Neutral
  Disagree
  Strongly Disagree
  

  How best can we improve this article?:

  
  

  What is your overall rating on this article?:

  Excellent
  Good
  Neutral
  Poor
  Very Poor
  

How to Troubleshoot a Dial-Up VPN that will not come active (KB ID: KB9224)

Back to Previous Page | Knowledge Base Home

Article URL

http://kb.juniper.net/KB9224

Synopsis

This article will help determine the cause when a Dial-Up VPN does not come up.  A Dial-Up VPN is one between a PC using the NetScreen Remote (NSR) Client software and a Juniper firewall. 

Problem

A Dial-Up VPN is configured between a remote client, using the NetScreen Remote software, and a Juniper Firewall, but the tunnel is not coming up.   Use the steps listed below to troubleshoot the issue.

For assistance with installing a remote client VPN, consult: KB9508 - How do I remotely connect into my corporate/business office?

 

 

Solution

To view the flowchart for the steps listed below, select this link:  KB9224 Flowchart

Use the following steps to assist with resolving the Dial-Up VPN Tunnel issue:

 Is the VPN Tunnel a Dial-Up VPN?  A Dial-Up VPN is between a Juniper Firewall and a client PC that is running the Juniper VPN software. A Site-to-Site VPN is one that is between two Juniper Firewalls or a Juniper Firewall and an OEM VPN device.  

• Yes - Continue with Step 2.
• No   - See KB9221 - How to Troubleshoot a Site-to-Site VPN Tunnel that will not come up.

 Is the VPN Tunnel's SA active?  For assistance, see: KB6134 - How do I tell if a VPN Tunnel SA (Security Association) is active?.

• Yes - See Step 8 of : KB9276 - How to Troubleshoot a VPN that is up, but, is not Passing Traffic .
• No   - Continue with Step 3 

 Are there any IKE Phase 1 or 2 for this VPN Tunnel in the Event Logs?  For assistance,see: KB4426 - How Do I Find the VPN Entries in the Event Log?.

• Yes - Jump to Step 5
• No   - Continue with Step 4

 Are there any messages in the NetScreen Remote VPN Client Log Viewer? For assistance, see KB9396 - How to View and Analyze the Messages in the NetScreen Remote VPN Client Log Viewer.

• Yes - Jump to Step 6.
• No  - See KB9452 - How to troubleshoot a Dial-Up VPN that won't come up and there are no messages in the event logs.

  Are there IKE Phase 2 error messages in the Event Logs in the Firewall?

• Yes - See: KB9231 - How to Analyze IKE Phase 2 Error Messages in the Event Logs. 
• No  - Continue with Step 6

 Are there IKE Phase 1 error messages in the Event Logs in the Firewall?

• Yes - See: KB9238 - How to Analyze IKE Phase 1 Messages in the Event Logs.
• No  - Continue with Step 7.

 Collect NetScreen Remote and NS Firewall logs then open a case with Juniper Technical Support.  Refer to the following link for information on how to gather logs and the necessary documentation required for Juniper Technical Support to resolve this issue: KB9395 - What Information Should I collect for a Dial-Up VPN That Won't Come Up?.

Category Description

By Product » Hardware » Firewalls » NetScreen Firewall/IPSec VPN
By Product » Software » Network Operating Systems » ScreenOS Software

Purpose

Related Articles

Related Links

Related Files