Problems: VPNs with Netscreen 500

Hi all, I administer a Netscreen 500 (firmware 5.0.0r4.0) and I have some problems with VPN-IPSEC establishment between the appliance and my Netscreen-Remote-Client. Phase 1 establishment of the VPN often does not succeed, and in the logs of my client I read this:

...
7-14: 14:54:32.570 My Connections\\LAN - Initiating IKE Phase 1 (IP ADDR=xxx.xx.xx.x)
7-14: 14:54:33.942 My Connections\\LAN - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 5x)
7-14: 14:54:48.984 My Connections\\LAN - message not received! Retransmitting!
7-14: 14:54:48.984 My Connections\\LAN - SENDING>>>> ISAKMP OAK AG (Retransmission)
7-14: 14:55:04.006 My Connections\\LAN - message not received! Retransmitting!
7-14: 14:55:04.006 My Connections\\LAN - SENDING>>>> ISAKMP OAK AG (Retransmission)
7-14: 14:55:19.087 My Connections\\LAN - message not received! Retransmitting!
7-14: 14:55:19.087 My Connections\\LAN - SENDING>>>> ISAKMP OAK AG (Retransmission)
7-14: 14:55:34.109 My Connections\\LAN - Exceeded 3 IKE SA negotiation attempts
...

while the log file of the Netscreen says:

...
Jul 14 09:22:24 10.10.0.2 ns500-A: NetScreen device_id=ns500-A [Root]system-information-00536: IKE Phase 1: Responder starts AGGRESSIVE mode negotiations. (2004-07-14 09:19:52)
...
Jul 14 09:22:39 10.10.0.2 ns500-A: NetScreen device_id=ns500-A [Root]system-information-00536: IKE Phase 1: Responder starts AGGRESSIVE mode negotiations. (2004-07-14 09:20:08)
...
Jul 14 09:23:22 10.10.0.2 ns500-A: NetScreen device_id=ns500-A [Root]system-information-00536: IKE Phase 1: Aborted negotiations because the time limit has elapsed. (11180f/5) (2004-07-14 09:20:51)
...
Jul 14 09:23:42 10.10.0.2 ns500-A: NetScreen device_id=ns500-A [Root]system-information-00536: IKE Phase 1: Aborted negotiations because the time limit has elapsed. (110f/5) (2004-07-14 09:21:11)
...

Now, if I reboot my firewall, everything works properly. I read this is the only solution for this bug... Is it true? It's very boring and inconvenient if the only solution is a restart of the device. If anyone has an explanation and/or a solution for this problem I will thank him: it's urgent.

Best wishes

Panfilo
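
To see how long the firewall held each responder negotiation before abandoning it, the firewall lines quoted in the post above can be paired up by their device timestamps. This is an added example, not part of the original post and not a NetScreen tool; the function names and the first-in-first-out pairing of start and abort events are assumptions, since the quoted lines carry no shared negotiation identifier.

```python
import re
from datetime import datetime

# The four firewall syslog lines quoted in the post (elision markers dropped).
PFX = "NetScreen device_id=ns500-A [Root]system-information-00536: IKE Phase 1: "
SAMPLE = "\n".join([
    "Jul 14 09:22:24 10.10.0.2 ns500-A: " + PFX
    + "Responder starts AGGRESSIVE mode negotiations. (2004-07-14 09:19:52)",
    "Jul 14 09:22:39 10.10.0.2 ns500-A: " + PFX
    + "Responder starts AGGRESSIVE mode negotiations. (2004-07-14 09:20:08)",
    "Jul 14 09:23:22 10.10.0.2 ns500-A: " + PFX
    + "Aborted negotiations because the time limit has elapsed. (11180f/5) (2004-07-14 09:20:51)",
    "Jul 14 09:23:42 10.10.0.2 ns500-A: " + PFX
    + "Aborted negotiations because the time limit has elapsed. (110f/5) (2004-07-14 09:21:11)",
])

# Device name, message text, and the device-side timestamp in the final parentheses.
LINE = re.compile(
    r"device_id=(?P<dev>\S+) .*?IKE Phase 1: (?P<msg>.+?)\s*"
    r"\((?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\)\s*$"
)

def parse(text):
    """Yield (device, device_time, kind) for each IKE Phase 1 log line."""
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an IKE Phase 1 event
        if m["msg"].startswith("Responder starts"):
            kind = "start"
        elif m["msg"].startswith("Aborted negotiations"):
            kind = "abort"
        else:
            kind = "other"
        yield m["dev"], datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), kind

def aborted_negotiations(text):
    """Pair each abort with the oldest unmatched start on the same device
    (assumed FIFO) and return (device, start_time, seconds_until_abort)."""
    pending, result = {}, []
    for dev, ts, kind in parse(text):
        if kind == "start":
            pending.setdefault(dev, []).append(ts)
        elif kind == "abort" and pending.get(dev):
            started = pending[dev].pop(0)
            result.append((dev, started, (ts - started).total_seconds()))
    return result
```

On the quoted lines both negotiations are abandoned about one minute after they start, the same span over which the client log shows its retransmissions before giving up.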

Try to clear all of your SA's and see if that works. I would also try a manual tunnel instead of an autoIKE to see if that may correct your issue.

-Scott

SA

Upgrade firmware?

Observer
