[vpn-help] shrew to juniper dialup, specific ip/service only
Igor Manassypov
imanassypov at rogers.com
Tue Oct 26 20:00:43 CDT 2010
Hi,
I would appreciate some help with setting up the dial-up vpn with shrew to juniper netscreen.
Vanilla example presented on the shrew support page works fine.
However, if I attempt to narrow down the "dial-up vpn -> trust" policy to a specific list of ip addresses and only on specific ports, I start receiving "
Rejected an IKE packet ... because the VPN does not have an application SA
configured"
It appears to me that this is a Proxy-ID issue, however I cant
seem to figure out how to solve it.
The trust specific ip addresses included on the dial-up policy match
those in the shrew 'policy' tab.
Your help is greatly appreciated,
Thank you
Igor M., M.Eng, P.Eng Network Architect
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20101026/88d5cb0d/attachment.html>
More information about the vpn-help
mailing list