Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Cannot Use Preshared Key IKE Main Mode with Remote Gateway as Dynamic IP

0

0

Article ID: KB5622 KB Last Updated: 24 Aug 2010Version: 3.0
Summary:
Cannot Use Preshared Key IKE Main Mode with Remote Gateway as Dynamic IP
Symptoms:
Debug ike basic running LAN to LAN Virtual Private Network (VPN) between remote site and central site Remote site has dynamic IP address on the untrust side IKE Preshared secret VPN not working Main mode negotiations failed ## IKE <12.234.94.169> Phase 1: Cannot use a preshared key because the peer gate
way <GW> has a dynamic IP address and negotiations are in Main mode. If using Certificates, Main Mode can be used if Dynamic Gateway is used
Solution:

If one site obtains the IP address on the untrust side dynamically (either via DHCP or PPPoE), IKE negotiations between the remote site and central site needs to be communicating with aggressive mode when using preshared secret.'  Make sure the side with the dynamic IP is initiating IPSec traffic.


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search