SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Juniper Secure Connect - invalid preshared key!

    Posted 09-14-2021 19:58
    Hi all,

    I have two SRX1500 and I have been able to configures several profiles for Juniper Secure Connect (JSC) in one of them. However, I'm trying to do the same in the second SRX and I get this error (complete log from JSC):


    Full log from Juniper Secure Connect:
    15/09/2021 00:00:33 - MONITOR: Configuration download - Start configuration download (host: 10X.XXX.XXX.XXX realm: default)
    15/09/2021 00:00:35 - MONITOR: Configuration download - Login success
    15/09/2021 00:00:35 - MONITOR: Configuration download - Configuration time not changed
    15/09/2021 00:00:35 - MONITOR: Configuration download - Logout success
    15/09/2021 00:00:35 - MONITOR: Configuration download - Logout - no new configuration imported
    15/09/2021 00:00:36 - SUCCESS - MONITOR: Configuration download -> Configuration is up to date
    15/09/2021 00:00:36 - MONITOR: Configuration download -> Save credentials for "user1"
    15/09/2021 00:00:36 - INFO - MONITOR: Configuration download -> Start vpn connection
    15/09/2021 00:00:36 - System: Setting NCP virtual adapter linkstatus=0,laststate=0.
    15/09/2021 00:00:36 - ncpadapter: reset IP adapter properties
    15/09/2021 00:00:36 - ncpadapter: reset ipv4 properties,ip4adr=0.0.0.0
    15/09/2021 00:00:36 - ncpadapter: reset_ip4_properties, manual=0
    15/09/2021 00:00:36 - System: DNSHandling=0
    15/09/2021 00:00:36 - IPSec: Start building connection
    15/09/2021 00:00:36 - IpsDial: connection time interface choice,LocIpa=10.10.8.63,AdapterIndex=208
    15/09/2021 00:00:36 - Ike: Opening connection in PATHFINDER mode : Remote_JSC
    15/09/2021 00:00:36 - Ike: Outgoing connect request AGGRESSIVE mode - gateway=10X.XXX.XXX.XXX : Remote_JSC
    15/09/2021 00:00:36 - Ike: ConRef=16, XMIT_MSG1_AGGRESSIVE, name=Remote_JSC, vpngw=10X.XXX.XXX.XXX:500
    15/09/2021 00:00:36 - ike_phase1:send_id:ID_USER_FQDN:pid=0,port=0,juniper@edu.juniper.net
    15/09/2021 00:00:36 - Ike: ConRef=16, Send NAT-D vendor ID,remprt=500
    15/09/2021 00:00:36 - Ike: ConRef=16, RECV_MSG2_AGGRESSIVE, adapterindex=208,name=Remote_JSC, remote ip:port=10X.XXX.XXX.XXX:500,local ip:port=10.10.8.63:10952
    15/09/2021 00:00:36 - Ike: IKE phase I: Setting LifeTime to 28800 seconds
    15/09/2021 00:00:36 - Ike: Turning on XAUTH mode - Remote_JSC
    15/09/2021 00:00:36 - Ike: IkeSa1 negotiated with the following properties -
    15/09/2021 00:00:36 - IPSec: Final Tunnel EndPoint is=10X.XXX.XXX.XXX
    15/09/2021 00:00:36 -   Authentication=XAUTH_INIT_PSK,Encryption=AES,Hash=SHA_256,DHGroup=19,KeyLen=256
    15/09/2021 00:00:36 - Ike: Remote_JSC ->Support for NAT-T version - 9
    15/09/2021 00:00:36 - Ike: Turning on NATD mode - Remote_JSC - 1
    15/09/2021 00:00:36 - Ike: ConRef=16, Remote peer is a Juniper Networks
    15/09/2021 00:00:36 - Ike: ike_phase1:recv_id:ID_IPV4_ADDR:pid=0,port=0,10X.XXX.XXX.XXX
    15/09/2021 00:00:36 - ERROR - 4028: IKE(phase1)- RECV-MSG2-AGGR-PSK with wrong preshared key Remote_JSC.
    15/09/2021 00:00:36 - Ike: phase1:name(Remote_JSC) - ERROR - INVALID_HASH_INFORMATION
    15/09/2021 00:00:36 - IPSec: Disconnected from Remote_JSC on channel 1.
    15/09/2021 00:00:46 - Ike: phase1:name() - incoming connect request.
    15/09/2021 00:00:46 - Ike: ConRef=17, RECV_MSG1_AGGRESSIVE, name=, vpngw=10X.XXX.XXX.XXX:500
    15/09/2021 00:00:46 - Ike: phase1:name() - ERROR - NO_PROPOSAL_CHOSEN
    15/09/2021 00:00:56 - Ike: phase1:name() - incoming connect request.
    15/09/2021 00:00:56 - Ike: ConRef=18, RECV_MSG1_AGGRESSIVE, name=, vpngw=10X.XXX.XXX.XXX:500
    15/09/2021 00:00:56 - Ike: phase1:name() - ERROR - NO_PROPOSAL_CHOSEN
    ​


    How can the preshared key be wrong if it cannot be configured in the JSC profile? Any advice or ideas please?

    Thank you in advance.

    Best regards


  • 2.  RE: Juniper Secure Connect - invalid preshared key!

    Posted 07-24-2022 12:44
    In my case culprit was a preshared key with special characters in it. Changing the key to one containing only letters and numbers helped.

    Kind regards,
    Pawel Mazurkiewicz

    ------------------------------
    Pawel Mazurkiewicz
    ------------------------------