[vpn-help] Shrew VPN with Juniper SSG-140

Felix Pablo Grande fpgrande at gmail.com
Sat Feb 20 05:55:18 CST 2010


Hi,

I built a VPN tunnel with the Shrew client and a Juniper SSG-140 firewall, but
when I try to ping a host on the internal network, I don't receive a pong.

Under Security Associations the following appears:

Established  - 0
Expired - 0
Errors - 0

Tunnel

Status - Connected
Remote Host - Public IP of firewall
Transport Used - NAT-T/ IKE | ESP
IKE fragmentation - Disabled
Dead Peer Detection - Enabled

And the configuration is:

n:version:2
n:network-ike-port:500
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:network-notify-enable:1
n:client-banner-enable:0
n:client-dns-used:1
n:client-dns-auto:0
b:auth-mutual-psk:MyPassword
n:phase1-dhgroup:2
n:phase1-keylen:0
n:phase1-life-secs:28800
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-keylen:0
n:phase2-pfsgroup:2
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
n:network-mtu-size:1380
n:client-addr-auto:0
s:network-host:Firewall Public IP
s:client-auto-mode:disabled
s:client-iface:virtual
s:client-ip-addr:172.16.100.169
s:client-ip-mask:255.255.255.0
s:network-natt-mode:enable
s:network-frag-mode:enable
s:client-dns-addr:172.16.100.2
s:client-dns-suffix:mydomain.com
s:auth-method:mutual-psk
s:ident-client-type:ufqdn
s:ident-client-data:fpgrande at mydomain.com
s:ident-server-type:address
s:ident-server-data:172.16.100.169
s:phase1-exchange:aggressive
s:phase1-cipher:des
s:phase1-hash:md5
s:phase2-transform:des
s:phase2-hmac:md5
s:ipcomp-transform:disabled
s:policy-list-include:172.16.100.0 / 255.255.255.0,172.17.100.0 / 255.255.255.0

Can you help me ?

Best regards,

-- 
Félix Pablo Grande Ramos

The most difficult thing is to know ourselves; the easiest is to speak
ill of others.

Tales de Mileto
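
Added example, not part of the original post and not Shrew Soft code: a small Python check that parses the type:key:value settings format shown in the message and lists the weak cryptographic choices in it (DES, MD5, DH group 2, aggressive mode with a pre-shared key). The function names and the sample text are constructed for illustration; the parser also tolerates a value that a mail client has wrapped onto the next line.

```python
# Constructed sample: a subset of the settings quoted in the post.
SAMPLE = """\
n:phase1-dhgroup:2
n:phase2-pfsgroup:2
s:auth-method:mutual-psk
s:phase1-exchange:aggressive
s:phase1-cipher:des
s:phase1-hash:md5
s:phase2-transform:des
s:phase2-hmac:md5
s:policy-list-include:172.16.100.0 / 255.255.255.0,172.17.100.0 /
255.255.255.0
"""

def parse_vpn(text):
    """Parse 'type:key:value' lines into a dict keyed by setting name."""
    cfg, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)  # the value may itself contain ':'
        if len(parts) == 3 and parts[0] in ("n", "s", "b"):
            last = parts[1]
            cfg[last] = parts[2]
        elif last is not None:
            cfg[last] += " " + line  # continuation of a wrapped value
    return cfg

def audit(cfg):
    """Return (setting, reason) pairs for weak cryptographic choices."""
    findings = []
    for key in ("phase1-cipher", "phase2-transform"):
        if cfg.get(key) == "des":
            findings.append((key, "single DES has a 56-bit key"))
    for key in ("phase1-hash", "phase2-hmac"):
        if cfg.get(key) == "md5":
            findings.append((key, "MD5 is deprecated"))
    for key in ("phase1-dhgroup", "phase2-pfsgroup"):
        if cfg.get(key) in ("1", "2"):  # IKE groups 1 and 2: 768/1024-bit MODP
            findings.append((key, "Diffie-Hellman group of 1024 bits or less"))
    if (cfg.get("phase1-exchange") == "aggressive"
            and cfg.get("auth-method") == "mutual-psk"):
        findings.append(("phase1-exchange",
                         "aggressive mode sends a PSK-derived hash in the clear"))
    return findings

if __name__ == "__main__":
    for setting, reason in audit(parse_vpn(SAMPLE)):
        print(f"{setting}: {reason}")
```

Any change to these values has to be mirrored in the phase 1 and phase 2 proposals on the gateway, otherwise negotiation fails.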