[Vpn-help] Shrew Xauth x Netscreen

Paulo Penha paulopenha at gmail.com
Thu Dec 10 09:17:59 CST 2009


Hi people!

I installed Shrew VPN and got it working with Netscreen (Juniper SSG550),
using only a preshared key.
Now I am trying to establish a VPN using the procedure at
http://www.shrew.net/support/wiki/HowtoJuniperSsg, with the Shrew VPN client
and Juniper SSG,

but I get these messages:

Client Shrew Version 2.2.0 log:
user user1 authentication failed


Juniper SSG550 Event log:

IKE<187.89.196.120>: XAuth login failed for gateway <VPN_DIR_GTW>, username
<user1>, retry: 0, timeout: 1.

Rejected an IKE packet on ethernet6/0 from 187.89.196.120:4500 to
10.8.38.2:4500 with cookies 80289756f142712f and f6620d6ca1901e52 because a
Phase 2 packet arrived while XAuth was still pending.

IKE<187.89.196.120> Phase 1: Completed Aggressive mode negotiations with a
<28800>-second lifetime.


Juniper CLI debug IKE:

## 2009-12-09 17:07:42 : IKE<0.0.0.0        >     Validate (503): SA/56
KE/132 NONCE/24 ID/27 VID/12 VID/20 VID/20 VID/20 VID/20
## 2009-12-09 17:07:42 : IKE<187.89.225.194 >   Receive Id in AG mode,
id-type=2, id=vpn.company.com
## 2009-12-09 17:07:42 :   locate peer entry for (2/vpn.company.com), by
identity.
## 2009-12-09 17:07:42 :   Found identity<vpn.company.com> in group <3> user
id <11>.
## 2009-12-09 17:07:42 : responder create sa: 187.89.225.194->10.8.38.2
## 2009-12-09 17:07:42 : init p1sa, pidt = 0x0
## 2009-12-09 17:07:42 : change peer identity for p1 sa, pidt = 0x0
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   create peer identity
0883d40dc
## 2009-12-09 17:07:42 : peer identity 83d40dc created.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   EDIPI disabled
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >     dh group 2
## 2009-12-09 17:07:42 :   locate peer entry for (2/vpn.company.com), by
identity.
## 2009-12-09 17:07:42 :   Found identity<vpn.company.com> in group <3> user
id <11>.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   finished job pkaidx <0>
dh_len<128> dmax<64>
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   finished job
d<a76fb5d8><189fc35><c64d5fe6>
<bd34f4a3>
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   from FLOAT port.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   extract payload (72):
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   ikecfg list add attr type
16520, val 0 added, len 0.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   ikecfg list add attr type
16521, val empty string, type <16521> added, len 0.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   ikecfg list add attr type
16522, val empty string, type <16522> added, len 0.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   print ikecfg attribute
payload:
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   next: 0, payloadlength 20,
type 1, identifier 9519.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   basic attr type 16520,
valint 0
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   variable attr type 16521,
vallen 0, valstr empty string, type <16521>
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   variable attr type 16522,
vallen 0, valstr empty string, type <16522>
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   from FLOAT port.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   from FLOAT port.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   print ikecfg attribute
payload:
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   next: 0, payloadlength 33,
type 2, identifier 9519.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   basic attr type 16520,
valint 0
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   variable attr type 16521,
vallen 1280, valstr user
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   ikecfg list add attr type
16520, val 0 added, len 0.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   ikecfg list add attr type
16521, val user added, len 5.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   ikecfg list add attr type
16522, val 1234567 added, len 8.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   ikecfg list add attr type 1,
val 10.8.80.112 added, len 4.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   ikecfg list add attr type 2,
val 255.255.255.255 added, len 4.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   ikecfg list add attr type 3,
val 32.8.4.101 added, len 4.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   ikecfg list add attr type 3,
val 32.8.5.101 added, len 4.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   print ikecfg attribute
payload:
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   next: 0, payloadlength 40,
type 3, identifier 9519.
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >   variable attr type 1, vallen
1024, valstr 10.8.80.112
## 2009-12-09 17:07:42 : IKE<0.0.0.0        >
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >     dh group 2
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >   finished job pkaidx <0>
dh_len<128> dmax<64>
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >   finished job
d<c5975e8a><6b7285b1><6c644c1e><94c00385>
## 2009-12-09 17:07:43 : IKE<0.0.0.0        > BN, top32 dmax64 zero<no>
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >   from FLOAT port.
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >   print ikecfg attribute
payload:
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >   next: 0, payloadlength 12,
type 4, identifier 9519.
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >   variable attr type 3, vallen
0, valstr 0.0.0.0
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >   ikecfg list add attr type 3,
val 0.0.0.0 added, len 0.
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >   ikecfg list add attr type
16527, val 0 added, len 0.
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >   print ikecfg attribute
payload:
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >   next: 0, payloadlength 12,
type 3, identifier 9519.
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >   basic attr type 16527,
valint 0
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >
## 2009-12-09 17:07:43 : IKE<0.0.0.0        >   from FLOAT port.


Does the Shrew VPN Client work with Juniper? With Preshared Key and XAuth?
Can somebody help me?

Thanks
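
Added example, not part of the original post: the `ikecfg` records in the debug output above print XAuth attribute values in clear, including attribute type 16522 (the XAuth password), so a log like this should be masked before it is shared. The sketch below rejoins the mail-wrapped records, redacts that attribute, and pulls out the XAUTH_STATUS result; the function names and the sample lines are this example's own, and the attribute numbers are taken from the IETF XAuth and mode-config drafts.

```python
import re

# Numbers as assigned in the IETF XAuth and mode-config drafts.
ATTRS = {16520: "XAUTH_TYPE", 16521: "XAUTH_USER_NAME",
         16522: "XAUTH_USER_PASSWORD", 16527: "XAUTH_STATUS"}
CFG_TYPES = {1: "REQUEST", 2: "REPLY", 3: "SET", 4: "ACK"}
SECRET_ATTRS = {16522}
ADD_RE = re.compile(r"list add attr type (\d+), val (.*?) added, len \d+")
PAYLOAD_RE = re.compile(r"payloadlength \d+, type (\d+), identifier \d+")
BASIC_RE = re.compile(r"basic attr type (\d+), valint (\d+)")

# Constructed sample in the wrapped format of the post; all values are made up.
SAMPLE = """
## 2000-01-01 00:00:01 : IKE<0.0.0.0        >   ikecfg list add attr type
16522, val hunter2 added, len 8.
## 2000-01-01 00:00:02 : IKE<0.0.0.0        >   next: 0, payloadlength 12,
type 3, identifier 9519.
## 2000-01-01 00:00:02 : IKE<0.0.0.0        >   basic attr type 16527,
valint 0
"""

def unwrap(text):
    """Rejoin records split by mail line wrapping; a record starts with '##'."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("##") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def redact(record):
    """Mask the logged value of secret attributes (the XAuth password)."""
    m = ADD_RE.search(record)
    if m and int(m.group(1)) in SECRET_ATTRS:
        return record[:m.start(2)] + "<redacted>" + record[m.end(2):]
    return record

def xauth_summary(text):
    """Return (redacted records, events); XAUTH_STATUS 0 is FAIL, 1 is OK."""
    safe, events, cfg = [], [], None
    for rec in unwrap(text):
        safe.append(redact(rec))
        if m := PAYLOAD_RE.search(rec):
            cfg = CFG_TYPES.get(int(m.group(1)), m.group(1))
        elif m := BASIC_RE.search(rec):
            name = ATTRS.get(int(m.group(1)), m.group(1))
            events.append((cfg, name, int(m.group(2))))
    return safe, events
```

The redaction keeps the logged `len` field, which still reveals the length of the masked value.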