Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ARCHIVE] How to Troubleshoot a Dial-Up VPN that Won't Come Up and No Messages are reported in the Log Viewer

0

0

Article ID: KB9452 KB Last Updated: 04 Dec 2017Version: 7.0
Summary:
This article addresses troubleshooting a NetScreen Remote VPN Client that can't connect to the firewall, and there are no messages in the Log Viewer.
Symptoms:
When trying to set up a Dial-Up VPN using the NS-Remote Client, it does not come active and it is not showing any IKE Phase 1 or Phase 2 messages in the Log Viewer of the NS-Remote Client.
Solution:

To view the flowchart for the steps listed below, select:  KB9452 Flowchart

Follow the steps in order until either the issue is resolved or a case is opened with the Juniper Technical Assistance Group:

Step 1. Are you using the latest version of NetScreen-Remote? Consult: KB6161 - Determining the version of NS-Remote

  • Yes - Continue with Step 2
  • No   - In most cases, it is recommended to run the latest version of NetScreen-Remote Client. Please consult the Release Notes for the latest version to determine if an upgrade is possible. Release Notes are located at: NetScreen-Remote Technical Documentation 

Step 2. Is the NS-Remote installed on a supported platform?  For assistance, see KB8343 - Which version of Windows will support the NetScreen Remote client? .

  • Yes - Continue with Step 3
  • No   - Install the NetScreen Remote VPN Client software on a PC that is using one of the approved operating systems.

Step 3. Is there something on the NetScreen Remote Client PC or at the NetScreen Remote Client site that is blocking VPN packets?  See KB7282 - Is IPSec traffic Being Blocked?

  • Yes - Clear whatever is blocking IPSec and try establishing the tunnel again. 
  • No   - Continue with Step 4

Step 4. Is the NetScreen-Remote VPN Client Active?  For assistance, see KB5695 - How to disable or enable the NetScreen-Remote (NSR) VPN Client?

  • Yes - Continue with Step 5
  • No   - Activate the NetScreen-Remote Client and try establishing the tunnel again. 

Step 5. Is the Security Policy configured to "Only Connect Manually"?  For assistance, see KB9510 - Does “Only Connect Manually” need to be configured in the Juniper NetScreen-Remote Client?

  • Yes - You must manually connect before traffic will be allowed to the local LAN on the other side of the tunnel.  To connect manually, refer to KB9510
  • No   -  Continue with Step 6

Step 6. Are there IKE Phase 1 or Phase 2 messages (corresponding with this Dial-up VPN) in the Firewall's Event Logs?  For assistance, see KB4426 - How do I find the VPN entry in the Event Log?

Step 7. If the VPN connection is still not working, reboot the PC again. JTAC has found that a second reboot is occasionally required after the installation or upgrade of NSR. 

  • If rebooting the PC did not resolve the problem continue with Step 8

Step 8. Does the same NetScreen Remote configuration (SPD file) work on another PC?  (Use File > Export Security File to export the SPD from your PC, and use File > Import Security File to import the SPD file on another PC.)

  • Yes - The problem has been isolated to an issue on the original PC or the original PC's network environment.  Compare the differences between the two and make the appropriate changes.  
  • No  - Continue with Step 9

Step 9. Collect the NetScreen Remote logs and open a case by either calling in to Juniper Networks Technical Assistance Center at 888-314-JTAC (5822) or login to the Case Management tool via the Juniper support site at: Case Management and click on the "Create a Case" link.

Modification History:
2017-11-14: Archiving as NetScreen Remote is EOL.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search