[Vpn-help] Juniper SSG Commercial IPsec Gateway
Matthew Grooms
mgrooms at shrew.net
Thu Dec 13 03:52:30 CST 2007
Stefan Bauer wrote:
>> -----Ursprüngliche Nachricht-----
>> Von: Matthew Grooms [mailto:mgrooms at shrew.net]
>> Gesendet: Donnerstag, 13. Dezember 2007 09:50
>> An: Stefan Bauer
>> Cc: vpn-help at lists.shrew.net
>> Betreff: Re: [Vpn-help] Juniper SSG Commercial IPsec Gateway
>
>> Good news about the nat-t at least. Hmmm, I just tested the trace
>> facility and it seems to be working fine for me. When running
>> vpn trace,
>> did you use the options menu to set the log level to debug
>> and restart
>> the ike service? This is necessary to see anything besides
>> the startup
>> logo. If you can get this output to me, I will do what I can
>> to correct
>> the issue you are seeing.
>
> shame on me. thought that all changes i've made will be automatically integrated to newer versions. please see the attached log below: (fyi, i moved back to default auth with ike ((without xauth).)
>
Stefan,
Thanks for submitting the log info which was very helpful. The problem
is that I didn't read the NAT-T 00 and 01 draft specifications close
enough so the IKE daemon is not behaving as it should. Beginning with
draft 02, ports float and the non-esp marker is added. I need to make
some changes and post a new build that skips these steps when draft 00
or 01 are negotiated. Sorry for the trouble.
Thanks,
-Matthew
More information about the vpn-help
mailing list