[vpn-help] Connection problems to a Juniper SSG5 firewall

kevin shrew-vpn klmlk at hotmail.com
Mon Jul 5 08:59:00 CDT 2010


Hi Jan-Tore,

It looks like you're not providing a virtual IP from the SSG to Shrew (Client IP Addr 0.0.0.0, IPPool name:).  Try defining an IPPool (make sure it does not overlap with Trust network, it can be any private range) and assign it to the XAuth Settings for VPN.

The Howto works well, check your config against it:
Http://www.shrewsoft.com/support/wiki/HowtoJuniperSsg

-----Original Message-----
From: Jan-Tore Pedersen <jan-tore at lan-xo.no>
Date: Mon, 5 Jul 2010 08:10:09 
To: <mgrooms at shrew.net>; <vpn-help at lists.shrew.net>
Subject: [vpn-help] Connection problems to a Juniper SSG5 firewall

Hello guys
 
I just upgraded the firmware on the firewall as per Juniper's recommendation and still no luck with getting through with the Shrew Soft VPN client. I get to phase 2 and then it falls on its face. Here is the log from the firewall.
 
IKE 195.18.140.92: XAuth login was passed for gateway VPN-GW, username bruker097, retry: 0, Client IP Addr 0.0.0.0, IPPool name: , Session-Timeout: 0s, Idle-Timeout: 0s.
IKE 195.18.140.92: XAuth login was refreshed for username bruker097 at 0.0.0.0/0.0.0.0.
Rejected an IKE packet on ethernet0/0 from 195.18.140.92:500 to 62.92.30.6:500 with cookies 4188b7c824d65185 and ebd1565026b035e7 because A Phase 2 packet arrived while XAuth was still pending.
IKE 195.18.140.92 Phase 1: Completed Aggressive mode negotiations with a 28800-second lifetime.
IKE 195.18.140.92 Phase 1: Completed for user bruker097.
IKE 195.18.140.92 phase 1:The symmetric crypto key has been generated successfully.
IKE 195.18.140.92 Phase 1: Responder starts AGGRESSIVE mode negotiations
 
 
If anyone has any solutions it would be great.
 
Thanks
Jan-Tore Pedersen
Systemkonsulent
Lan-X Øst AS
m:95308035
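
An added example, not part of the original thread: a Python check that finds the condition the reply points to (an XAuth login with Client IP Addr 0.0.0.0 and an empty IPPool name) in the firewall log, and tests a candidate pool range for overlap with the Trust network. The two log lines are copied from the message above; the Trust subnet and pool ranges used with `pool_is_safe` are constructed values.

```python
import ipaddress
import re

# Two lines copied from the firewall log quoted in the message above.
SAMPLE_LOG = (
    "IKE 195.18.140.92: XAuth login was passed for gateway VPN-GW, username bruker097, "
    "retry: 0, Client IP Addr 0.0.0.0, IPPool name: , Session-Timeout: 0s, Idle-Timeout: 0s.\n"
    "Rejected an IKE packet on ethernet0/0 from 195.18.140.92:500 to 62.92.30.6:500 "
    "with cookies 4188b7c824d65185 and ebd1565026b035e7 because A Phase 2 packet "
    "arrived while XAuth was still pending.\n"
)

XAUTH_RE = re.compile(
    r"IKE (?P<peer>\S+): XAuth login was passed for gateway (?P<gw>\S+), "
    r"username (?P<user>\S+), retry: \d+, "
    r"Client IP Addr (?P<ip>[\d.]+), IPPool name:\s*(?P<pool>[^,]*),"
)
PENDING_RE = re.compile(r"Phase 2 packet arrived while XAuth was still pending")


def diagnose(log_text):
    """Return one finding per XAuth login that got no virtual IP or no pool."""
    # True if the log also contains the Phase 2 rejection seen in the thread.
    phase2_rejected = bool(PENDING_RE.search(log_text))
    findings = []
    for m in XAUTH_RE.finditer(log_text):
        pool = m.group("pool").strip()
        unassigned = ipaddress.ip_address(m.group("ip")).is_unspecified
        if unassigned or not pool:
            findings.append({
                "peer": m.group("peer"),
                "gateway": m.group("gw"),
                "user": m.group("user"),
                "pool": pool or None,
                "phase2_rejected": phase2_rejected,
            })
    return findings


def pool_is_safe(pool_start, pool_end, trust_cidr):
    """True if no address in [pool_start, pool_end] lies inside the Trust network."""
    trust = ipaddress.ip_network(trust_cidr)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    # Split the range into CIDR blocks; raises ValueError if start > end.
    blocks = ipaddress.summarize_address_range(start, end)
    return not any(block.overlaps(trust) for block in blocks)
```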
 


