Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to ensure the Proxy-ID is Disabled in the Phase 2 Advanced VPN Settings.

0

0

Article ID: KB9477 KB Last Updated: 10 Jun 2010Version: 3.0
Summary:
Policy-Based VPN message "Phase 2 Error – Mismatched Proxy/Peer IDs" can be caused by incorrectly enabling the Proxy-ID field in the Advanced settings of the AutoKey IKE (Phase 2) on the firewall.  If the Proxy-ID field is selected, the specified Local IP and Remote IP could be over-riding the policy settings.
Symptoms:

Environment:

A VPN has successfully passed Phase 1, but Phase 2 fails.

Symptoms & Errors

  • Data is not passing through the VPN
  • Incoming policy is defined to allow the Dial-Up VPN to access the internal network
  • Netscreen Remote Client does not have a gold key in taskbar window
  • Phase 2: No policy exists for the proxy ID received: local ID  (<ip_address> / <subnet_mask>,<0>, <0>) remote ID (<ip_address> / <subnet_mask>, <0>,  <0>).
Solution:

If Phase 1 passes and Phase 2 fails with message in the event log (as indicated above) it could indicate that the incoming policy does not match the settings the client is sending over, or vice versa.

  1. In the WebUI, select VPNs > AutokeyIKE. Then edit the appropriate VPN.
  2. Click on the Advanced button at the bottom of the page.
  3. On the Advanced screen, check the Proxy-ID field to ensure that it is not selected. 

    proxy id check box

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search