hi guys,
i've created a site2site vpn between our srx340 running junos 17.3R1.10 and an SOPHOS ASG.
3 subnets on my side and on on the other side all defined with Traffic Selectors.
Tunnel comes up fine and traffic is flowing in both directions , unfortunatly is still get this error:
Peer proposed phase2 proposal conflicts with local configuration. Negotiation failed
Config is like this:
ike-policy-1
mode main;
proposals ike-proposal-1;
pre-shared-key ascii-text
ike-proposal-1
authentication-method pre-shared-keys;
dh-group group2;
authentication-algorithm sha1;
encryption-algorithm aes-128-cbc;
lifetime-seconds 3600;
ike-gateway
ike-policy ike-policy-1
address **.***.***.***
external-interface reth1.1;
version v1-only;
ipsec proposal ipsec-proposal-1
protocol esp;
authentication-algorithm hmac-sha1-96;
encryption-algorithm aes-256-cbc;
lifetime-seconds 3600;
vpn vpn-1
bind-interface st0.2;
ike {
gateway ike-gateway-1;
ipsec-policy ipsec-policy-1;
}
traffic-selector TS1 {
local-ip 100.100.0.0/16;
remote-ip 192.168.50.0/24;
}
traffic-selector TS2 {
local-ip 110.100.0.0/16;
remote-ip 192.168.50.0/24;
}
traffic-selector TS3 {
local-ip 172.21.49.0/24;
remote-ip 192.168.50.0/24;
}
establish-tunnels immediately;
}
how to fix this or is this a bug?