[vpn-help] shrew to juniper dialup, specific ip/service only

Igor Manassypov imanassypov at rogers.com
Tue Oct 26 20:00:43 CDT 2010


Hi,

I would appreciate some help with setting up the dial-up vpn with shrew to juniper netscreen.
Vanilla example presented on the shrew support page works fine.

However, if I attempt to narrow down the "dial-up vpn -> trust" policy to a specific list of ip addresses and only on specific ports, I start receiving "
Rejected an IKE packet ... because the VPN does not have an application SA 
configured"

It appears to me that this is a Proxy-ID issue, however I cant 
seem to figure out how to solve it.

The trust specific ip addresses included on the dial-up policy match
those in the shrew 'policy' tab.

Your help is greatly appreciated,

Thank you

Igor M., M.Eng, P.Eng Network Architect
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20101026/88d5cb0d/attachment.html>


More information about the vpn-help mailing list