Text Size:        

• Ask the KB
• Find answers in our KB
  
  Example: "Configure BGP"
  
• KB Article Feedback
• This article was easy to understand:

  Strongly Agree
  Agree
  Neutral
  Disagree
  Strongly Disagree
  

  This article was complete and accurate:

  Strongly Agree
  Agree
  Neutral
  Disagree
  Strongly Disagree
  

  How best can we improve this article?:

  
  

  What is your overall rating on this article?:

  Excellent
  Good
  Neutral
  Poor
  Very Poor
  

How to Troubleshoot a Dial-Up VPN that Won't Come Up and No Messages are reported in the Log Viewer (KB ID: KB9452)

Back to Previous Page | Knowledge Base Home

Article URL

http://kb.juniper.net/KB9452

Synopsis

This article addresses troubleshooting a NetScreen Remote VPN Client that can't connect to the firewall, and there are no messages in the Log Viewer.

Problem

When trying to set up a Dial-Up VPN using the NS-Remote Client, it does not come active and it is not showing any IKE Phase 1 or Phase 2 messages in the Log Viewer of the NS-Remote Client.

Solution

To view the flowchart for the steps listed below, select:  KB9452 Flowchart

Follow the steps in order until either the issue is resolved or a case is opened with the Juniper Technical Assistance Group:

 Are you using the latest version of NetScreen-Remote? Consult: KB6161 - Determining the version of NS-Remote

• Yes - Continue with Step 2
• No   - In most cases, it is recommended to run the latest version of NetScreen-Remote Client. Please consult the Release Notes for the latest version to determine if an upgrade is possible. Release Notes are located at: NetScreen-Remote Technical Documentation 

 Is the NS-Remote installed on a supported platform?  For assistance, see KB8343 - Which version of Windows will support the NetScreen Remote client? .

• Yes - Continue with Step 3
• No   - Install the NetScreen Remote VPN Client software on a PC that is using one of the approved operating systems.

 Is there something on the NetScreen Remote Client PC or at the NetScreen Remote Client site that is blocking VPN packets?  See KB7282 - Is IPSec traffic Being Blocked?

• Yes - Clear whatever is blocking IPSec and try establishing the tunnel again. 
• No   - Continue with Step 4

 Is the NetScreen-Remote VPN Client Active?  For assistance, see KB5695 - How to disable or enable the NetScreen-Remote (NSR) VPN Client?

• Yes - Continue with Step 5
• No   - Activate the NetScreen-Remote Client and try establishing the tunnel again. 

 Is the Security Policy configured to "Only Connect Manually"?  For assistance, see KB9510 - Does “Only Connect Manually” need to be configured in the Juniper NetScreen-Remote Client?

• Yes - You must manually connect before traffic will be allowed to the local LAN on the other side of the tunnel.  To connect manually, refer to KB9510
• No   -  Continue with Step 6

 Are there IKE Phase 1 or Phase 2 messages (corresponding with this Dial-up VPN) in the Firewall's Event Logs?  For assistance, see KB4426 - How do I find the VPN entry in the Event Log?

• Yes - see KB9224 - How to Troubleshoot a Dial-Up VPN that will not come active
• No   - Continue with Step 7

 If the VPN connection is still not working, reboot the PC again. JTAC has found that a second reboot is occasionally required after the installation or upgrade of NSR. 

• If rebooting the PC did not resolve the problem continue with Step 8

 Does the same NetScreen Remote configuration (SPD file) work on another PC?  (Use File > Export Security File to export the SPD from your PC, and use File > Import Security File to import the SPD file on another PC.)

• Yes - The problem has been isolated to an issue on the original PC or the original PC's network environment.  Compare the differences between the two and make the appropriate changes.  
• No  - Continue with Step 9

 Collect the NetScreen Remote logs and open a case by either calling in to Juniper Networks Technical Assistance Center at 888-314-JTAC (5822) or login to the Case Management tool via the Juniper support site at: Case Management and click on the "Create a Case" link.

• For assistance with collecting log information, see KB9395 - What information should  be collected for a Dial-Up VPN that won't come up?

Category Description

By Product » Hardware » Firewalls
By Product » Hardware » Firewalls » NetScreen Firewall/IPSec VPN
By Product » Software » Network Operating Systems
By Product » Software » Network Operating Systems » ScreenOS Software

Purpose

Troubleshooting

Related Articles

Related Links

• KB9224 - How to Troubleshoot a Dial-Up VPN that will not come active

Related Files