SRX

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Juniper Secure Connect - invalid preshared key!

  • 1.  Juniper Secure Connect - invalid preshared key!

    Posted 09-14-2021 19:58
    Hi all,

    I have two SRX1500 and I have been able to configures several profiles for Juniper Secure Connect (JSC) in one of them. However, I'm trying to do the same in the second SRX and I get this error (complete log from JSC):


    Full log from Juniper Secure Connect:
    15/09/2021 00:00:33 - MONITOR: Configuration download - Start configuration download (host: 10X.XXX.XXX.XXX realm: default)
    15/09/2021 00:00:35 - MONITOR: Configuration download - Login success
    15/09/2021 00:00:35 - MONITOR: Configuration download - Configuration time not changed
    15/09/2021 00:00:35 - MONITOR: Configuration download - Logout success
    15/09/2021 00:00:35 - MONITOR: Configuration download - Logout - no new configuration imported
    15/09/2021 00:00:36 - SUCCESS - MONITOR: Configuration download -> Configuration is up to date
    15/09/2021 00:00:36 - MONITOR: Configuration download -> Save credentials for "user1"
    15/09/2021 00:00:36 - INFO - MONITOR: Configuration download -> Start vpn connection
    15/09/2021 00:00:36 - System: Setting NCP virtual adapter linkstatus=0,laststate=0.
    15/09/2021 00:00:36 - ncpadapter: reset IP adapter properties
    15/09/2021 00:00:36 - ncpadapter: reset ipv4 properties,ip4adr=0.0.0.0
    15/09/2021 00:00:36 - ncpadapter: reset_ip4_properties, manual=0
    15/09/2021 00:00:36 - System: DNSHandling=0
    15/09/2021 00:00:36 - IPSec: Start building connection
    15/09/2021 00:00:36 - IpsDial: connection time interface choice,LocIpa=10.10.8.63,AdapterIndex=208
    15/09/2021 00:00:36 - Ike: Opening connection in PATHFINDER mode : Remote_JSC
    15/09/2021 00:00:36 - Ike: Outgoing connect request AGGRESSIVE mode - gateway=10X.XXX.XXX.XXX : Remote_JSC
    15/09/2021 00:00:36 - Ike: ConRef=16, XMIT_MSG1_AGGRESSIVE, name=Remote_JSC, vpngw=10X.XXX.XXX.XXX:500
    15/09/2021 00:00:36 - ike_phase1:send_id:ID_USER_FQDN:pid=0,port=0,juniper@edu.juniper.net
    15/09/2021 00:00:36 - Ike: ConRef=16, Send NAT-D vendor ID,remprt=500
    15/09/2021 00:00:36 - Ike: ConRef=16, RECV_MSG2_AGGRESSIVE, adapterindex=208,name=Remote_JSC, remote ip:port=10X.XXX.XXX.XXX:500,local ip:port=10.10.8.63:10952
    15/09/2021 00:00:36 - Ike: IKE phase I: Setting LifeTime to 28800 seconds
    15/09/2021 00:00:36 - Ike: Turning on XAUTH mode - Remote_JSC
    15/09/2021 00:00:36 - Ike: IkeSa1 negotiated with the following properties -
    15/09/2021 00:00:36 - IPSec: Final Tunnel EndPoint is=10X.XXX.XXX.XXX
    15/09/2021 00:00:36 -   Authentication=XAUTH_INIT_PSK,Encryption=AES,Hash=SHA_256,DHGroup=19,KeyLen=256
    15/09/2021 00:00:36 - Ike: Remote_JSC ->Support for NAT-T version - 9
    15/09/2021 00:00:36 - Ike: Turning on NATD mode - Remote_JSC - 1
    15/09/2021 00:00:36 - Ike: ConRef=16, Remote peer is a Juniper Networks
    15/09/2021 00:00:36 - Ike: ike_phase1:recv_id:ID_IPV4_ADDR:pid=0,port=0,10X.XXX.XXX.XXX
    15/09/2021 00:00:36 - ERROR - 4028: IKE(phase1)- RECV-MSG2-AGGR-PSK with wrong preshared key Remote_JSC.
    15/09/2021 00:00:36 - Ike: phase1:name(Remote_JSC) - ERROR - INVALID_HASH_INFORMATION
    15/09/2021 00:00:36 - IPSec: Disconnected from Remote_JSC on channel 1.
    15/09/2021 00:00:46 - Ike: phase1:name() - incoming connect request.
    15/09/2021 00:00:46 - Ike: ConRef=17, RECV_MSG1_AGGRESSIVE, name=, vpngw=10X.XXX.XXX.XXX:500
    15/09/2021 00:00:46 - Ike: phase1:name() - ERROR - NO_PROPOSAL_CHOSEN
    15/09/2021 00:00:56 - Ike: phase1:name() - incoming connect request.
    15/09/2021 00:00:56 - Ike: ConRef=18, RECV_MSG1_AGGRESSIVE, name=, vpngw=10X.XXX.XXX.XXX:500
    15/09/2021 00:00:56 - Ike: phase1:name() - ERROR - NO_PROPOSAL_CHOSEN
    ​


    How can the preshared key be wrong if it cannot be configured in the JSC profile? Any advice or ideas please?

    Thank you in advance.

    Best regards