Thursday 7 March 2013

Issues connecting a VPN between Juniper SSG and Sonicwall

I was trying to connect a VPN between a Juniper SSG and Sonicwall firewall.

Phase 1 came up OK, but I kept getting this message:
Received a notification message for DOI 0 18 INVALID-ID-INFORMATION.

Juniper support says this usually means there is a mismatch in the proxy ID or the Phase 2 proposal. I confirmed with screenshots that both matched on the other side. I logged a call with Juniper and found we needed to set a further option, "Local ID". This was because my Juniper is behind a NAT. It is behind another firewall. We need to fill in the local ID with the public IP address of the Juniper. This was strange because I have other VPNs with other vendors (Cisco/Juniper) and this option is not filled in, yet the VPNs work. It may be a specific issue related to Juniper <-> Sonicwall VPNs.

GUI
The setting can be found under VPNs -> AutoKey Advanced -> Gateway
Edit the gateway that is having the issue -> Advanced -> Local ID
Fill in the Public IP address of YOUR firewall

CLI
set ike gateway "GWName-12-34-56-789" address 12.34.56.789 Main local-id "200.100.100.100" outgoing-interface "ethernet0/2" preshare "*********" proposal "pre-g2-3des-sha-86400"
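
The same condition can be checked across a saved configuration. The script below is an added example, not part of the original post or any Juniper tool. It assumes "set interface ... ip" and "set ike gateway" lines in the form shown above, treats a gateway whose outgoing interface has an RFC 1918 or CGNAT address as being behind NAT, and runs against a constructed sample config.

```python
import ipaddress
import shlex

# Address ranges that imply the firewall sits behind a NAT device (assumption).
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Constructed sample configuration; names and addresses are illustrative only.
SAMPLE_CONFIG = '''
set interface "ethernet0/2" ip 192.168.10.2/24
set interface "ethernet0/2" ip manageable
set interface "ethernet0/3" ip 198.51.100.1/29
set ike gateway "GW-NoLocalID" address 203.0.113.10 Main outgoing-interface "ethernet0/2" preshare "x" proposal "pre-g2-3des-sha"
set ike gateway "GW-WithLocalID" address 203.0.113.20 Main local-id "203.0.113.99" outgoing-interface "ethernet0/2" preshare "x" proposal "pre-g2-3des-sha"
set ike gateway "GW-PublicIf" address 203.0.113.30 Main outgoing-interface "ethernet0/3" preshare "x" proposal "pre-g2-3des-sha"
'''

def option(tokens, key):
    """Return the token that follows `key`, or None if the key is absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def audit(config):
    """List (gateway, interface, ip) for NATed gateways with no local-id set."""
    interfaces, gateways = {}, []
    for line in config.splitlines():
        try:
            t = shlex.split(line)
        except ValueError:          # unbalanced quotes: skip the line
            continue
        if t[:2] == ["set", "interface"] and len(t) >= 5 and t[3] == "ip":
            try:
                interfaces[t[2]] = ipaddress.ip_interface(t[4]).ip
            except ValueError:      # e.g. "ip manageable" is not an address
                continue
        elif t[:3] == ["set", "ike", "gateway"] and len(t) > 3:
            gateways.append((t[3], option(t, "outgoing-interface"),
                             option(t, "local-id")))
    findings = []
    for name, ifname, local_id in gateways:
        ip = interfaces.get(ifname)
        if ip is None:
            continue
        if local_id is None and any(ip in net for net in NAT_RANGES):
            findings.append((name, ifname, str(ip)))
    return findings

if __name__ == "__main__":
    for name, ifname, ip in audit(SAMPLE_CONFIG):
        print(f"{name}: {ifname} has {ip} and no local-id is set")
```
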

