Netscreen/Juniper: IKE Phase 2 message: Could not check for a policy because the ID mode was set to IP or policy checking was disabled

Problem:

When the local security device received an IKE Phase 2 message from the specified peer, it could not check for a policy because the ID mode was set to IP or policy checking was disabled. If the ID mode is set to IP, the remote peer does not send the proxy ID payload when initiating a Phase 2 session. The proxy ID consists of the local end entity’s IP address and netmask, protocol, and port number, as well as those items for the remote end entity. Consequently, the local peer cannot use the information in the proxy ID to match the information in a local policy. If policy checking is disabled for IKE traffic with the specified peer, the IKE module builds a security association (SA) without verifying the policy configuration.

Verify whether this behavior is intended. If not, set the ID mode to subnet (set ike id-mode subnet) and enable policy checking (set ike policy-checking).
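To see which peers trigger the message before deciding whether the behavior is intended, this added example (not part of the original post and not Juniper code) scans exported log lines and groups hits by peer. Only the message text comes from this page; the line layout (timestamp, device name, `IKE<peer>` prefix) and the sample lines are constructed assumptions.

```python
import re
from ipaddress import ip_address

# Message text as given in the title of this page.
MESSAGE = ("Could not check for a policy because the ID mode was set to IP "
           "or policy checking was disabled")

# Assumed layout: "<timestamp> <device> ... IKE<peer-ip> Phase 2 ...: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+.*?IKE<(?P<peer>[0-9A-Fa-f:.]+)>\s+Phase 2\b.*"
    + re.escape(MESSAGE)
)

# Constructed sample input (documentation address ranges, made-up message IDs).
SAMPLE_LOG = [
    f"2024-05-01T10:15:02 fw01 IKE<203.0.113.10> Phase 2 msg-id <1a2b3c4d>: {MESSAGE}.",
    "2024-05-01T10:15:09 fw01 IKE<198.51.100.7> Phase 2 msg-id <5e6f7a8b>: Completed negotiations.",
    f"2024-05-01T11:40:27 fw02 IKE<203.0.113.10> Phase 2 msg-id <9c0d1e2f>: {MESSAGE}.",
    f"2024-05-02T08:03:51 fw01 IKE<192.0.2.44> Phase 2 msg-id <0a1b2c3d>: {MESSAGE}.",
    f"2024-05-02T08:04:00 fw01 IKE<999.1.1.1> Phase 2 msg-id <deadbeef>: {MESSAGE}.",
]

def unverified_phase2_peers(lines):
    """Group occurrences of the message by peer IP.

    Returns {peer: {"count", "first", "last", "devices"}}. Timestamps are kept
    as ISO 8601 strings, which sort correctly as plain text.
    """
    peers = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # different event or unexpected layout
        try:
            peer = str(ip_address(m["peer"]))
        except ValueError:
            continue  # malformed address field, skip instead of guessing
        rec = peers.setdefault(
            peer, {"count": 0, "first": m["ts"], "last": m["ts"], "devices": set()})
        rec["count"] += 1
        rec["first"] = min(rec["first"], m["ts"])
        rec["last"] = max(rec["last"], m["ts"])
        rec["devices"].add(m["host"])
    return peers

if __name__ == "__main__":
    for peer, rec in sorted(unverified_phase2_peers(SAMPLE_LOG).items()):
        print(f"{peer}: {rec['count']} SA(s) built without policy check on "
              f"{', '.join(sorted(rec['devices']))} ({rec['first']} .. {rec['last']})")
```

Each peer listed is one whose Phase 2 SAs were built without a policy match, so compare the list against the tunnels where ID mode IP or disabled policy checking is actually intended.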

Solution:

Enable policy checking:

set ike policy-checking
