9620C VPN to SSG5

Status
Not open for further replies.

jhengel

Vendor
Apr 26, 2012
119
US
Hello all,

Have done a couple hundred 9620's being pinned to ASA's but not very used to the Juniper side. Have a 9620C going to an SSG5 on IP Office R8.1.69. Getting unrecognized peer gateway message. Have verified the email address for IKE ID against the Juniper and simplified passwords down to eliminate possible typos. Any ideas?

Server: Public IP of SSG5 (blocked for security reasons)
Phone: 192.168.1.240
Call Server: 192.168.1.50
Router: 10.0.2.1
Mask: 255.255.255.0
Http Server: 192.168.1.50
User Name: boyer3
Password: building1
Group Name: Boyer3@****.com (changed for security reasons)
Group PSK: building
Encapsulation 4500-4500
IKE ID Type: User-FQDN
Diffie-Hellman Grp 2
Encryption Alg: ANY
Authentication Alg: ANY
IKE Xchg Mode: Aggressive
IKE Config Mode: Enable
Xauth Enable
IPSec Parameters: DH2-ANY-ANY
Encryption Alg: ANY
Authentication Alg: ANY
Diffie-Hellman Grp 2
Protected Net:
Remote Net #1: 0.0.0.0/0 Access to all private nets
File Srvr: 192.168.1.50
Copy TOS: No
 
There is a document for the SSG5.
It will show up on Google.


BAZINGA!

I'm not insane, my mother had me tested!

 
To clarify:

Getting unrecognized peer gateway on the Juniper when set up following the guide. Getting phase 1 no response on the 9620C.
 
For testing purposes I would consider using a simple word for the group name as opposed to an email address, see what that gives :)



"No problem monkey socks
 
Unfortunately the same result - I have seen these 9620's hate symbols in the past but was not the case here.

Thank you for the suggestion. "Initial phase 1 packet arrived from an unrecognized peer gateway" is still the error message present.
 
Failing phase 1 basically means your Juniper setup and phone setup are not the same.
Assuming that all of your setup in the Juniper is correct for the VPN tunnel and group name and user - I would re-enter the user password in the Juniper and save.
At least it was the user password in the Juniper user that foiled me for a bit, causing phase 1 issues.

Also, why is your local router set to a different subnet than the IP address of your IP phone?
Should be all zeros for phone and router and mask if using DHCP, or at least in the same local network if static.

Phone: 192.168.1.240
Router: 10.0.2.1
Mask: 255.255.255.0
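
The two checks suggested in the reply above (static router on the phone's own subnet, and Phase 1 settings matching on both ends), as an added example that is not part of the original thread. The function names are hypothetical, and the gateway-side profile is constructed for illustration, not taken from the poster's SSG5.

```python
import ipaddress

# Phone-side values as posted in the thread (credentials left out).
PHONE_SETTINGS = """\
Phone: 192.168.1.240
Router: 10.0.2.1
Mask: 255.255.255.0
IKE ID Type: User-FQDN
Diffie-Hellman Grp 2
IKE Xchg Mode: Aggressive
Xauth Enable
"""

# Constructed gateway-side Phase 1 profile (assumption, not from the thread).
GATEWAY_PHASE1 = {"IKE ID Type": "User-FQDN", "Diffie-Hellman Grp": "2",
                  "IKE Xchg Mode": "Main", "Xauth": "Enable"}

def parse_settings(text):
    """Parse the phone's settings list; lines without a colon
    ('Diffie-Hellman Grp 2', 'Xauth Enable') split on the last space."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ":" in line:
            key, value = line.split(":", 1)
        else:
            key, _, value = line.rpartition(" ")
        out[key.strip()] = value.strip()
    return out

def gateway_on_link(settings):
    """True if the static router lies inside the phone's subnet.
    An all-zero phone address means DHCP, so there is nothing to check."""
    phone, router, mask = (settings[k] for k in ("Phone", "Router", "Mask"))
    if phone == "0.0.0.0":
        return True
    net = ipaddress.ip_network(f"{phone}/{mask}", strict=False)
    return ipaddress.ip_address(router) in net

def phase1_mismatches(phone, gateway):
    """Map each differing Phase 1 parameter to (phone_value, gateway_value)."""
    return {k: (phone.get(k), v) for k, v in gateway.items()
            if (phone.get(k) or "").lower() != v.lower()}

if __name__ == "__main__":
    phone = parse_settings(PHONE_SETTINGS)
    print("router on phone subnet:", gateway_on_link(phone))
    for name, (ph, gw) in phase1_mismatches(phone, GATEWAY_PHASE1).items():
        print(f"mismatch {name}: phone={ph!r} gateway={gw!r}")
```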

 
I had it as 192.168.1.1 (which is the on-site router where the IPO is) but during the tunneling process it changed to my local router at the remote network of 10.0.2.1

I tried changing both the psk and user passwords to:

building1

To make sure we had matching passwords and still no luck :-(
 
Going to pull in Juniper tech support - does anyone have any other ideas?
 