[Vpn-help] HowtoJuniperSsg suggestion

Matthew Grooms mgrooms at shrew.net
Mon Jun 16 21:59:25 CDT 2008


Stefan Bauer wrote:
> Dear Matthew,
> 
> I just successfully configured my Juniper Netscreen 5XT with the
> shrewsoft vpn client + xauth.
> 
> I worked through your howto[1] and found a few things that need a little
> face-lifting :p
> 
> The Destination Network is 10.3.0.0/16 so from 10.3.0.1 to 10.3.255.254
> 
> In the Policy Window you include a different network -> 10.1.2.0/24
> I would set this similar to avoid problems.
> 

Good catch. I also added this to the site configuration example.

> Client Settings:
> 
> In the Phase 2 Tab I had to set this explicitly to ESP-3DES.
> 

Hmmm. My configuration is set to auto and it works correctly. Maybe you 
use an older version of the firmware?

> In the General Tab the Auto Configuration has to be Ike config push, if
> not I get:
> 
> 08/06/12 11:10:18 !! : peer violates RFC, transform number mismatch ( 1 != 5 )
> 08/06/12 11:10:18 !! : no xauth status received and config mode is not push
> 

Right. I had this set in the site configuration file but failed to 
mention it in the Client Configuration section of the Howto.

Thanks again,

-Matthew


