Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What is causing the Phase 2 error: Mismatched Proxy ID or Peer ID when connecting through my Site-to-Site VPN?

0

0

Article ID: KB9517 KB Last Updated: 11 Aug 2010Version: 5.0
Summary:
The Phase 2 error: Mismatched Proxy ID or Peer ID is typically caused by a mismatched configuration between the VPN devices.  The steps listed below will assist in troubleshooting the issue.
Symptoms:
VPN is not coming up, it is failing in Phase 2 with error messages regarding a Mismatched Proxy ID or Peer ID.
Solution:

To view the flowchart for the steps listed below, select this link:  KB9517 Flowchart

Step 1.  Is this a Policy-Based VPN?  For further assistance, see KB4124 - Policy-Based VPN vs. Route-Based VPN. Which one do I have configured?

  • Yes -Jump to Step 3
  • No   - Continue with Step 2

Step 2.  Do the Proxy ID settings in the AutoKey IKE Advanced page on the Firewall match the Proxy ID settings in the AutoKey IKE Advanced page on the Peer Firewall ?

Step 3. What is the policy ID number of the policy that is being used for the VPN.  For assistance, see KB9478 - How to Obtain the Policy ID Number for the VPN's Policy

  • Record Policy ID information for use in a later step. Continue with Step 4.

Step 4.  Does the remote ID, local ID, and server ID in the error message match what is in the Local Firewall's policy and the Remote Firewall's policy configuration? 

Step 5.  Does the Address book object entry in the Firewall's policy match the values defined in the Address book? 

Step 6.  Is the "Proxy ID" option, in the AutoKey IKE's Advanced page, deselected? 

Step 7. Collect the logs from the Firewall and the NetScreen Remote Client and open a new case with the Juniper Technical Assistance Group.  For assistance, see KB9229 - What information should I collect for a Site-to-Site VPN that won’t come up?

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search