Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What is causing the Phase 2 error: Mismatched Proxy ID or Peer ID when connecting through my client VPN?

0

0

Article ID: KB9444 KB Last Updated: 11 Dec 2012Version: 7.0
Summary:
Receiving the Phase2 error “Mismatched Proxy ID or Peer ID” when trying to connect to the office using NetScreen Remote VPN Client.  The error is typically caused by a mismatched configuration between the Client and the Firewall.  The steps listed below will assist in troubleshooting the issue.
Symptoms:
The NetScreen Remote VPN Client is not coming up, it is failing in Phase 2 with error messages regarding a Mismatched Proxy ID or Peer ID.
Solution:

To view the flowchart for the steps listed below, select this link:  KB9444 Flowchart

The following steps will assist in troubleshooting the Mismatched Proxy ID or Peer ID error. 

Step 1.  Is this a Policy-Based VPN?  For further assistance, see KB4124 - Policy-Based VPN vs. Route-Based VPN. Which one do I have configured?

  • Yes - Skip to Step 3
  • No   - Continue with Step 2

Step 2.  Do the Proxy ID settings in the AutoKey IKE Advanced page on the Firewall match the Remote Party Identity settings of the NetScreen Remote?

Step 3.  What is the policy ID number of the policy that is being used for the VPN.  For assistance, see KB9478 - How to Obtain the Policy ID Number for the VPN's Policy

  • Record Policy ID information for use in a later step. Continue with Step 4.

Step 4.  Does the remote ID, local ID, and server ID in the error message match what is in the Firewall's policy and the NetScreen Remote Client's configuration? 

Step 5.  Does the Address book object entry in the Firewall's policy match the values defined in the Address book? 

Step 6.  Is the "Proxy ID" option, in the AutoKey IKE's Advanced page, deselected? 

Step 7. Collect the logs from the Firewall and the NetScreen Remote Client and open a new case with the Juniper Technical Assistance Group.  For assistance, see KB9395 - What Information Should Be Collected for a Dial-Up VPN That Won't Come Up ?

Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search