[vpn-help] Connection problems to a Juniper SSG5 firewall

kevin shrew-vpn klmlk at hotmail.com
Mon Jul 5 10:30:57 CDT 2010


Hi Jan-Tore,

The first thing I would check is that you've set the Shrew client to receive the configuration from the SSG.  In the Shrew client Site Configuration, General tab, the "Auto Configuration" field should be set to "ike config push".

If that doesn't solve it, please post your site configuration file so we can compare it to a working config.  You can generate the file by exporting the site config.

  

-----Original Message-----
From: Jan-Tore Pedersen <jan-tore at lan-xo.no>
Date: Mon, 5 Jul 2010 15:16:40 
To: <klmlk at hotmail.com>
Subject: Re: [vpn-help] Connection problems to a Juniper SSG5 firewall

I have assigned a pool on the policy tab on the client. The connection works fine on the ns-remote client and tje ncp client. But want to use a freeware client with windows 7.  I must be doing something wrong on the client. I can post some screenshots of the setup. 
 
 Thanks
 Jan-Tore
 
 Sendt fra min iPhone
 
 Den 5. juli 2010 kl. 15:59 skrev "kevin shrew-vpn " <klmlk at hotmail.com>:
 
 > Hi Jan-Tore,
 > 
 > It looks like you're not providing a virtual IP from the SSG to Shrew (Client IP Addr 0.0.0.0, IPPool name:).  Try defining an IPPool (make sure it does not overlap with Trust network, it can be any private range) and assign it to the XAuth Settings for VPN.
 > 
 > The Howto works well, check your config against it:
 > Http://www.shrewsoft.com/support/wiki/HowtoJuniperSsg
 > 
 > -----Original Message-----
 > From: Jan-Tore Pedersen <jan-tore at lan-xo.no>
 > Date: Mon, 5 Jul 2010 08:10:09 
 > To: <mgrooms at shrew.net>; <vpn-help at lists.shrew.net>
 > Subject: [vpn-help] Connection problems to a Juniper SSG5 firewall
 > 
 > Hello guys
 >  
 > I just upgraded the firmware on the firewall as pr junipers recomendation and still no luck with getting trough with the shrewsoft vpn client. I get to phase 2 and then it falls on it's face. Here is the log from the firewall.
 >  
 > IKE 195.18.140.92: XAuth login was passed for gateway VPN-GW, username bruker097, retry: 0, Client IP Addr 0.0.0.0, IPPool name: , Session-Timeout: 0s, Idle-Timeout: 0s.
 > IKE 195.18.140.92: XAuth login was refreshed for username bruker097 at 0.0.0.0/0.0.0.0.
 > Rejected an IKE packet on ethernet0/0 from 195.18.140.92:500 to 62.92.30.6:500 with cookies 4188b7c824d65185 and ebd1565026b035e7 because A Phase 2 packet arrived while XAuth was still pending.
 > IKE 195.18.140.92 Phase 1: Completed Aggressive mode negotiations with a 28800-second lifetime.
 > IKE 195.18.140.92 Phase 1: Completed for user bruker097.
 > IKE 195.18.140.92 phase 1:The symmetric crypto key has been generated successfully.
 > IKE 195.18.140.92 Phase 1: Responder starts AGGRESSIVE mode negotiations
 >  
 >  
 > If anyone has any solutions it would be great.
 >  
 > Thanks
 > Jan-Tore Pedersen
 > Systemkonsulent
 > Lan-X Øst AS
 > m:95308035
 >  
 >_______________________________________________
 > vpn-help mailing list
 > vpn-help at lists.shrew.net
 > http://lists.shrew.net/mailman/listinfo/vpn-help
 >



More information about the vpn-help mailing list