[vpn-help] Code Change

Nick Nyberg nick at liveconsulting.com
Mon May 10 16:14:26 CDT 2010


New to the list, so forgive me if I miss some etiquette.

I have implemented Shrewsoft on several (10+) networks, and am pretty familiar with Juniper / Netscreen VPN's.  I ran into an issue where one of them stopped working.  After exhausting configuration options, recreating the VPN's, I still had the same issue.  From the firewall I can see the error message:

Rejected an IKE packet on ethernet3 from 63.229.228.145:1933 to 63.253.251.138:500 with cookies 5258772399d01271 and 89bc291a23a99798 because there were no acceptable Phase 1 proposals.

The only thing that has changed is the firmware on the router.  I recently upgraded to  5.4.0r15.0 (Firewall+VPN) on the Netscreen 25.  I didn't beleive this would be the issue, so I upgraded a second Netscreen (5GT) with the same code version, and same thing.  Dial-up VPN is broke.  Rollback isn't an option as there was a security fix that I needed, but I also need the dial-up VPN.  Since Netscreen doesn't support x64 clients I am running out of options.

My questions:
1.)  Can anyone else confirm that the Netscreen 5.4.0r15.0 broke there dial-up VPN?
2.)  Any idea how to reestablish connectivity?
3.)  I found the trouble ticket ID: Ticket #3752 (reopened defect) - I would like to note that I have the same issue on Windows 7, x64 even running Head development 2.2.0-alpha-9.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20100510/bd997b67/attachment.html>


More information about the vpn-help mailing list