Hi,
Trying to setup a multi-site VPN between Azure and Juniper SSG5 Firmware version 6.3.0r17.0.
Juniper logs show an information message with:
IKE V2 104.45.138.88: Received a notification message for 16389 NOTIFY_MSG_NAT_DETECTION_DESTINATION_IP.
IKE V2 104.45.138.88: Received a notification message for 16388 NOTIFY_MSG_NAT_DETECTION_SOURCE_IP.
Can't figure out where the NAT is happening and believe this is the problem. Here is snip it from the configuration:
set zone "Untrust" vrouter "trust-vr"set zone id 100 "CORP"
set zone "Untrust-Tun" vrouter "trust-vr"
set interface "ethernet0/1" zone "CORP"
set interface "ethernet0/6" zone "Untrust"
set interface "bgroup0" zone "Trust"
set interface "tunnel.1" zone "Untrust"
set interface bgroup0 route
set interface tunnel.1 ip unnumbered interface ethernet0/6
set ike gateway ikev2 "Azure Gateway" address 104.45.138.88 outgoing-interface "ethernet0/6" preshare "********" sec-level compatible
set ike respond-bad-spi 1
set ike gateway ikev2 "Azure Gateway" auth-method self preshare peer preshare
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set vpn "AzureVPN" gateway "Azure Gateway" no-replay tunnel idletime 0 sec-level compatible
set vpn "AzureVPN" monitor
set vpn "AzureVPN" id 0x2 bind interface tunnel.1
unset interface tunnel.1 acvpn-dynamic-routing
set url protocol websense
set vrouter "untrust-vr"
set vrouter "trust-vr"
unset add-default-route
set route 172.20.0.0/24 interface tunnel.1
set vrouter "untrust-vr"
set vrouter "trust-vr"