[vpn-help] Code Change
Nick Nyberg
nick at liveconsulting.com
Mon May 10 16:14:26 CDT 2010
New to the list, so forgive me if I miss some etiquette.
I have implemented Shrewsoft on several (10+) networks, and am pretty familiar with Juniper / Netscreen VPN's. I ran into an issue where one of them stopped working. After exhausting configuration options, recreating the VPN's, I still had the same issue. From the firewall I can see the error message:
Rejected an IKE packet on ethernet3 from 63.229.228.145:1933 to 63.253.251.138:500 with cookies 5258772399d01271 and 89bc291a23a99798 because there were no acceptable Phase 1 proposals.
The only thing that has changed is the firmware on the router. I recently upgraded to 5.4.0r15.0 (Firewall+VPN) on the Netscreen 25. I didn't beleive this would be the issue, so I upgraded a second Netscreen (5GT) with the same code version, and same thing. Dial-up VPN is broke. Rollback isn't an option as there was a security fix that I needed, but I also need the dial-up VPN. Since Netscreen doesn't support x64 clients I am running out of options.
My questions:
1.) Can anyone else confirm that the Netscreen 5.4.0r15.0 broke there dial-up VPN?
2.) Any idea how to reestablish connectivity?
3.) I found the trouble ticket ID: Ticket #3752 (reopened defect) - I would like to note that I have the same issue on Windows 7, x64 even running Head development 2.2.0-alpha-9.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20100510/bd997b67/attachment.html>
More information about the vpn-help
mailing list