[vpn-help] Shrew VPN with Juniper SSG-140

Stefan Bauer stefan.bauer at cubewerk.de
Mon Feb 22 01:29:31 CST 2010


On 20.02.2010 12:55, Felix Pablo Grande wrote:
> Hi,
> 
> I built a VPN tunnel with the Shrew client and a Juniper SSG-140 firewall, but
> when I try to ping a host on the internal network, I
> don't receive a pong.
> 
> Under Security Associations, the following appears:
> 
> Established  - 0
> Expired - 0
> Errors - 0
> 
> Tunnel
> 
> Status - Connected
> Remote Host - Public IP of firewall
> Transport Used - NAT-T/ IKE | ESP
> IKE fragmentation - Disabled
> Dead Peer Detection - Enabled
> 
> And the configuration is:
> 
> n:version:2
> n:network-ike-port:500
> n:network-natt-port:4500
> n:network-natt-rate:15
> n:network-frag-size:540
> n:network-dpd-enable:1
> n:network-notify-enable:1
> n:client-banner-enable:0
> n:client-dns-used:1
> n:client-dns-auto:0
> b:auth-mutual-psk:MyPassword
> n:phase1-dhgroup:2
> n:phase1-keylen:0
> n:phase1-life-secs:28800
> n:phase1-life-kbytes:0
> n:vendor-chkpt-enable:0
> n:phase2-keylen:0
> n:phase2-pfsgroup:2
> n:phase2-life-secs:3600
> n:phase2-life-kbytes:0
> n:policy-nailed:0
> n:policy-list-auto:0
> n:network-mtu-size:1380
> n:client-addr-auto:0
> s:network-host:Firewall Public IP
> s:client-auto-mode:disabled
> s:client-iface:virtual
> s:client-ip-addr:172.16.100.169
> s:client-ip-mask:255.255.255.0
> s:network-natt-mode:enable
> s:network-frag-mode:enable
> s:client-dns-addr:172.16.100.2
> s:client-dns-suffix:mydomain.com
> s:auth-method:mutual-psk
> s:ident-client-type:ufqdn
> s:ident-client-data:fpgrande at mydomain.com
> s:ident-server-type:address
> s:ident-server-data:172.16.100.169
> s:phase1-exchange:aggressive
> s:phase1-cipher:des
> s:phase1-hash:md5
> s:phase2-transform:des
> s:phase2-hmac:md5
> s:ipcomp-transform:disabled
> s:policy-list-include:172.16.100.0 / 255.255.255.0,172.17.100.0 / 255.255.255.0
> 
> Can you help me?

Felix,

Please provide further debugging information collected by the Shrew
Soft trace utility.

http://www.shrew.net/support/wiki/BugReportVpnWindows

Stefan
-- 
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------


