
[ScreenOS] Is IPsec traffic being blocked?


Article ID: KB7282 KB Last Updated: 15 Dec 2017 Version: 8.0
Summary:

The dial-up client is unable to connect to the firewall. Something might be blocking the VPN traffic.

Symptoms:

The dial-up client is unable to connect to the firewall. IPsec traffic might be blocked at the client site by the PC's firewall, a router, NAT device, or ISP.

 

Solution:

Try the following steps to resolve the issue:

  • If the PC has a personal firewall, temporarily disable it to check whether it is blocking the IPsec traffic.

  • For NAT Traversal to work, UDP port 500, UDP port 4500, and IP Protocol 50 must be allowed through on the router upstream from the Juniper firewall.  The UDP ports are for IKE negotiations and IP Protocol 50 is for the IPsec traffic itself. Make sure that nothing is blocking the ports. You may have to call your ISP to have them unblock them.

  • Enable NAT traversal on both ends of the tunnel.

  • If the network has a Linksys router, check the version of the Linksys router. Linksys routers had some issues with version 2.3.8.1. Linksys router version 2.4.0.2 reported successful results, allowing NAT traversal IPsec packets to pass through.

    Note: Ensure that IPsec Passthrough is disabled on the Linksys router.  IPsec Passthrough will break the NAT Traversal functionality.
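
One way to apply these checks from the client side, as an added example (not Juniper's code): the Python below reads the text output of a capture such as tcpdump -n 'udp port 500 or udp port 4500 or ip proto 50' taken on the PC and reports which of UDP 500, UDP 4500 or IP protocol 50 is going unanswered. The addresses, the sample capture and the result labels are constructed for illustration.

```python
import re
from collections import Counter

# One line of `tcpdump -n` text output: "<time> IP <src>[.port] > <dst>[.port]: <decode>"
IP4 = r"(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?"
LINE = re.compile(rf"IP {IP4} > {IP4}: (.*)")

def tally(capture, client_ip):
    """Count IKE (UDP 500), NAT-T (UDP 4500) and native ESP packets per direction."""
    seen = Counter()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, _dst, dport, decode = m.groups()
        if "4500" in (sport, dport):
            kind = "udp4500"
        elif "500" in (sport, dport):
            kind = "udp500"
        elif sport is None and decode.startswith("ESP"):
            kind = "esp"          # IP protocol 50, no UDP wrapper
        else:
            continue
        seen[kind, "out" if src == client_ip else "in"] += 1
    return seen

def diagnose(capture, client_ip):
    """Map what the client-side capture shows to the step in the article to check."""
    s = tally(capture, client_ip)
    if not (s["udp500", "out"] or s["udp4500", "out"]):
        return "NO_IKE_SENT"        # nothing leaves the PC: VPN client or personal firewall
    if s["udp4500", "out"]:
        return "NATT_OK" if s["udp4500", "in"] else "UDP4500_UNANSWERED"
    if not s["udp500", "in"]:
        return "UDP500_UNANSWERED"  # IKE never answered: port 500 filtered on the path
    if s["esp", "out"] and not s["esp", "in"]:
        return "ESP_UNANSWERED"     # protocol 50 dropped, or NAT without NAT traversal
    return "NO_BLOCK_SEEN"

# Constructed sample: IKE on UDP 500 is answered, then native ESP gets no reply.
SAMPLE = """\
10:00:01.000000 IP 192.168.1.10.500 > 203.0.113.1.500: isakmp: phase 1 I ident
10:00:01.050000 IP 203.0.113.1.500 > 192.168.1.10.500: isakmp: phase 1 R ident
10:00:03.000000 IP 192.168.1.10 > 203.0.113.1: ESP(spi=0x1a2b3c4d,seq=0x1), length 116
10:00:04.000000 IP 192.168.1.10 > 203.0.113.1: ESP(spi=0x1a2b3c4d,seq=0x2), length 116
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE, "192.168.1.10"))
```

A capture taken on the client shows only that replies are not arriving; it does not identify which device on the path is dropping them.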


For more information, refer to KB5671 - What Ports Are Used for a Virtual Private Network (VPN)?

Modification History:
2017-12-07: Article reviewed for accuracy. No changes made. Article is correct and complete.
