Recent content by nkew

Hi John, I think I'm too tired to be thinking about this now! About to call it a night (it's 1:37am!) and look at it afresh tomorrow. The tunnel still isn't coming up and my rules don't contain any reference to 10.10.1.0/24 in the dropdown.. I can only select 'Any' and 'Dial up VPN' Thanks...

Thanks John, One last one ... Shuold 'Vodafone Handset Range #1' 10.10.1.0/24 be in VPN Group rather than Untrust?

Great stuff, trying to add the rules now... When I try to add 'Trust' to VPN', there's no tunnel interface available in the 'Tunnel' dropdown list. Nick

Here it is: set clock timezone 0 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set vrouter "trust-vr" unset auto-route-export exit set vrouter name "VR-NEW" id 1025 unset vrouter "VR-NEW" nsrp-config-sync set vrouter "VR-NEW" unset auto-route-export exit set service "RTP_XLITE"...

Hi John, I'm pretty sure it's a Cisco PIX on the other end. 2007-12-21 00:17:23 info IKE<212.183.134.35> Phase 2: No policy exists for the proxy ID received: local ID (<192.168.1.0>/<255.255.255.0>, <0>, <0>) remote ID (<10.10.1.0>/<255.255.255.0>, <0>, <0>). ns25-> get db str ## 2007-12-21...

Hi John, Sadly, I don't have access to the Vodafone firewall. Change requests typically take around 7 days to complete on their end. Doesn't look as if I've added a proxy-id. Could you advise as I'm not 100% sure what to put here: Proxy-ID Local IP / Netmask / Remote IP /...

Here's the output... ns25-> undebug all ns25-> get db str ## 2007-12-20 23:27:28 : IKE<212.183.134.35> ****** Recv kernel msg IDX-0, TYPE- 5 ****** ## 2007-12-20 23:27:28 : IKE<212.183.134.35> ****** Recv kernel msg IDX-0, TYPE-...

Hi John, I disabled VPN monitor and did another debug... there was no output. Is this expected? Nick

Also, I don't have access to the Voda router. Nick

The only thing I have changed in Autokey IKE is 'Bind to' from 'none' to tunnel.2 Nick

Is this any better? ns25-> get db str ## 2007-12-20 23:01:12 : IKE<212.183.134.35> ****** Recv kernel msg IDX-0, TYPE-5 ****** ## 2007-12-20 23:01:12 : IKE<212.183.134.35> ****** Recv kernel msg IDX-0, TYPE-5 ****** ## 2007-12-20 23:01:12 : IKE<212.183.134.35> sa orig index<0>, peer_id<1>. ##...

John, This is great - I can't thank you enough for your help. Here's the output from your commands. ns25-> get int tun.2 Interface tunnel.2: description tunnel.2 number 20, if_info 4176, if_index 2, mode route link ready vsys Root, zone VPN Zone, vr trust-vr admin mtu 1500...

I should point out the following error message on the Netscreen also... Vodafone end... IKE<212.xxx.xxx.35> Phase 1: Retransmission limit has been reached.

Hi John, I made that change and also set tunnel.2 to unnumbered interface (Ethernet-3 Untrust) I then re-created the two policies VPN Zone To Untrust VPN Zone To Trust I also re-added my two static routes (remote networks) 10.10.1.0 10.10.2.0 through the tunnel. I can't seem to establish...

Hi John, I have posted the config below: set clock timezone 0 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set vrouter "trust-vr" unset auto-route-export exit set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth default auth server "Local" set auth...