
IKE Identity Failure

(2015-03-26)

Problem

Phase 1 connects then drops seconds later.

In the trace options, you see the message:

iked_pm_id_validate id NOT matched.

...after the message identifying that Phase 1 is up.

Solution

The remote side is using IPs as peer-IDs (note: different from phase-2 proxy-IDs) and you probably don't have any peer-IDs defined.

If you have Junos 11.4R5 or later, the correct option to add is:

set security ike gateway $GATEWAY general-ikeid

Or you can define the IKE ID explicitly, so that it matches the ID the remote side sends.
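
Defining the ID explicitly keeps Phase 1 identity validation in place, whereas general-ikeid accepts whatever ID the peer presents; the commands below are an added example, not configuration from the original note. The addresses are constructed placeholders, and `inet` assumes the peer sends an IPv4 address as its ID.

```junos
# Constructed placeholder addresses (RFC 5737 documentation ranges); substitute your own.

# The ID the remote side sends in Phase 1, which this gateway validates:
set security ike gateway $GATEWAY remote-identity inet 203.0.113.10

# The ID this gateway presents, if the remote side validates it in turn:
set security ike gateway $GATEWAY local-identity inet 198.51.100.1

# With an explicit remote identity defined, the catch-all is not needed:
delete security ike gateway $GATEWAY general-ikeid
```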