Knowledge Search


How to Troubleshoot a Dial-Up VPN that will not come active

  [KB9224] Show Article Properties


This article will help determine the cause when a Dial-Up VPN does not come up.  A Dial-Up VPN is one between a PC using the NetScreen Remote (NSR) Client software and a Juniper firewall. 


To view the flowchart for the steps listed below, select this link:  KB9224 Flowchart

Use the following steps to assist with resolving the Dial-Up VPN Tunnel issue:

Step 1.  Is the VPN Tunnel a Dial-Up VPN?  A Dial-Up VPN is between a Juniper Firewall and a client PC that is running the Juniper VPN software. A Site-to-Site VPN is one that is between two Juniper Firewalls or a Juniper Firewall and an OEM VPN device.  

Step 2. Is the VPN Tunnel's SA active?  For assistance, see: KB6134 - How do I tell if a VPN Tunnel SA (Security Association) is active?.

Step 3. Are there any IKE Phase 1 or 2 for this VPN Tunnel in the Event Logs?  For assistance,see: KB4426 - How Do I Find the VPN Entries in the Event Log?.

  • Yes - Jump to Step 5
  • No   - Continue with Step 4

Step 4. Are there any messages in the NetScreen Remote VPN Client Log Viewer? For assistance, see KB9396 - How to View and Analyze the Messages in the NetScreen Remote VPN Client Log Viewer.

 Step 5. Are there IKE Phase 2 error messages in the Event Logs in the Firewall?

Step 6. Are there IKE Phase 1 error messages in the Event Logs in the Firewall?

Step 7. Collect NetScreen Remote and NS Firewall logs then open a case with Juniper Technical Support.  Refer to the following link for information on how to gather logs and the necessary documentation required for Juniper Technical Support to resolve this issue: KB9395 - What Information Should I collect for a Dial-Up VPN That Won't Come Up?.

Related Links: