Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] Single Service VPN with NetScreen Remote

0

0

Article ID: KB4834 KB Last Updated: 31 Aug 2010Version: 3.0
Summary:
Single Service VPN with NetScreen Remote
Symptoms:

Solution:

Under certain circumstances, NetScreen Remote will not successfully negotiate a VPN tunnel with a single service set.

The work around for this issue is to set the NetScreen Remote side to All services, and create a Custom Service Group on the NetScreen device side, with the single service you wish to use in it, along with a second service, such as Ping.  You will receive a warning on the NetScreen stating that it will negotiate a VPN for all protocols, which is what we want it to do, in order to match the setting on the NetScreen Remote.

The VPN will negotiate with an Phase 2 IKE ID of "Any" protocol, but the NetScreen device will still enforce policy on the traffic and only those permitted in the Custom Service Group will pass.

Here is the problem or goal:

  • NetScreen Remote Fails IKE Phase 2
  • NetScreen Remote set to a single service
  • NetScreen Remote not set to service "All"
  • NetScreen Dial-up VPN Policy set to a single service

Causes of this problem:

  • IKE ID's do not match
  • Weird quirk in NetScreen Remote fails to negotiate a single service tunnel.

Applicable Products:

  • NetScreen-Remote

Applicable Software Versions:

  • 5.0
  • 5.1.3
  • 7.0
  • 7.1
  • 8.0
  • 8.1


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search