

What is the purpose of the CLI Command: set ike accept-all-proposal?


Article ID: KB6743
KB Last Updated: 25 Aug 2010
Version: 3.0
Summary:
What is the purpose of the CLI Command: set ike accept-all-proposal?
Symptoms:
  • IKE Phase 1 negotiations fail - "Proposal Mismatch" error message in event log
  • IKE Phase 2 negotiations fail - "No proposal Chosen" error message in event log
  • What is the purpose of the "set ike accept-all-proposal" CLI command?
Solution:

The "set ike accept-all-proposal" command may be used when an administrator has no access to, or information about, the VPN configuration of the device at the remote end.

This CLI command should be used with caution, as it may lessen VPN security. Once enabled, this command applies to all IKE gateways configured on the NetScreen device. We recommend that this command be used only temporarily, to determine the P1 & P2 proposals used to establish the VPN tunnel in question. Once that information is obtained, we highly suggest disabling the feature.

To determine which proposal was accepted during the IKE Phase 1 negotiations, use the following CLI command: get ike cookie [Enter]

To determine the IKE Phase 2 proposal, use the following CLI command: get sa [Enter]

Once the P1 & P2 proposals have been determined from the established VPN tunnel, reconfigure the IKE gateway with the matching P1 proposal and the VPN tunnel with the matching P2 proposal, then disable this command by entering: unset ike accept-all-proposal [Enter]
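
An added example, not part of the original article and not Juniper tooling: a Python check to run over saved device configurations to confirm the setting was not left enabled after troubleshooting, and to list the IKE gateways it covers. It assumes the enabled setting is stored in the configuration text as the line "set ike accept-all-proposal"; the sample configuration, hostname, gateway names and keys below are constructed.

```python
import re

# Constructed sample in the style of a saved ScreenOS configuration.
# Hostname, gateway names, addresses and keys are made up for illustration.
SAMPLE_CONFIG = '''\
set hostname ns-branch-01
set ike gateway "gw-partner" address 192.0.2.10 Main outgoing-interface "ethernet3" preshare "EXAMPLE" proposal "pre-g2-3des-sha"
set ike gateway "gw-hq" address 198.51.100.7 Main outgoing-interface "ethernet3" preshare "EXAMPLE" proposal "pre-g2-aes128-sha"
set ike accept-all-proposal
set vpn "vpn-partner" gateway "gw-partner" proposal "g2-esp-3des-sha"
'''

# Assumption: the setting appears in the config text exactly as typed at the CLI.
TOGGLE = re.compile(r'^\s*(set|unset)\s+ike\s+accept-all-proposal\s*$', re.I)
GATEWAY = re.compile(r'^\s*set\s+ike\s+gateway\s+(?:"([^"]+)"|(\S+))\s', re.I)
HOSTNAME = re.compile(r'^\s*set\s+hostname\s+(\S+)', re.I)


def audit_config(text):
    """Report whether accept-all-proposal is on and which gateways it covers."""
    enabled = False
    hostname = "(unknown)"
    gateways = []
    for line in text.splitlines():
        m = TOGGLE.match(line)
        if m:
            # In a command log or change script the last set/unset wins.
            enabled = m.group(1).lower() == "set"
            continue
        m = HOSTNAME.match(line)
        if m:
            hostname = m.group(1)
            continue
        m = GATEWAY.match(line)
        if m:
            name = m.group(1) or m.group(2)
            if name not in gateways:
                gateways.append(name)
    # The setting is device-wide, so every configured gateway is affected.
    return {"hostname": hostname,
            "accept_all_proposal": enabled,
            "affected_gateways": gateways if enabled else []}


if __name__ == "__main__":
    finding = audit_config(SAMPLE_CONFIG)
    status = "ENABLED" if finding["accept_all_proposal"] else "disabled"
    print(f'{finding["hostname"]}: accept-all-proposal {status}; '
          f'gateways affected: {", ".join(finding["affected_gateways"]) or "none"}')
```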

Here is the problem or goal:

  • What is the purpose of the "set IKE accept-all-proposal"  CLI command?

Problem Environment:

  • IKE Phase 1 negotiations fail - "Proposal Mismatch" error message in event log
  • IKE Phase 2 negotiations fail - "No proposal Chosen" error message in event log

Applicable Products:

  • NetScreen-5
  • NetScreen-5XP
  • NetScreen-5XT
  • NetScreen-5GT
  • NetScreen-10
  • NetScreen-25
  • NetScreen-50
  • NetScreen-100
  • NetScreen-204
  • NetScreen-208
  • NetScreen-500
  • NetScreen-1000
  • NetScreen-5200
  • NetScreen-5400
  • NetScreen-Remote

