[vpn-help] Almost connected shrewsoft to Juniper SSG5?
Igor Birman
igor_birman at yahoo.com
Fri Jun 25 21:32:10 CDT 2010
I have been trying to set up a VPN connection to an SSG5 by following the instructions at:
http://www.shrew.net/support/wiki/HowtoJuniperSsg
I am able to establish a connection on the client and get an IP address, but then I get some more error messages on the SSG5. Can someone point me to what they mean? It says no policy exists for the proxy ID, and then that the VPN does not have an application SA. I don't understand either message. Here they are:
2010-06-25 22:36:57 info Rejected an IKE packet on ethernet0/0 from 71.191.197.230:4500 to xx.xx.xx.17:4500 with cookies 0e6193f393015ecd and e153abc6ac9a3cb5 because the VPN does not have an application SA configured.
2010-06-25 22:36:57 info IKE<71.191.197.230> Phase 2: No policy exists for the proxy ID received: local ID (<192.168.100.0>/<255.255.255.0>, <0>, <0>) remote ID (<192.168.100.130>/<255.255.255.255>, <0>, <0>).
2010-06-25 22:36:57 info IKE<71.191.197.230> Phase 2 msg ID <8d82f56c>: Responded to the peer's first message.
2010-06-25 22:36:46 info IKE<71.191.197.230>: XAuth login was passed for gateway <vpnclient_gateway>, username <igor>, retry: 0, Client IP Addr<192.168.100.130>, IPPool name:<vpn>, Session-Timeout:<0s>, Idle-Timeout:<0s>.
Thanks!
Igor
________________________________
From: Rui Cordeiro <rmacordeiro at gmail.com>
To: Igor Birman <igor_birman at yahoo.com>
Cc: vpn-help at lists.shrew.net
Sent: Thu, June 24, 2010 11:03:12 AM
Subject: Re: [vpn-help] Can't connect Shrewsoft to SSG5
Hi,
I have just finished configuring a VPN connection against a Juniper
with version 5.4 and the data on the link is accurate and everything
worked fine.
If you can send some print screens of the configs, Juniper and Shrew
Client I can try to help you (just delete sensitive info).
Regards,
Rui Cordeiro
Igor Birman wrote:
>
>I am trying to connect to an SSG5. I followed the guide:
>
>http://www.shrew.net/support/wiki/HowtoJuniperSsg
>
>but the client stops at "bringing up tunnel" and then hangs there forever. On the server, I have the following messages:
>
>2010-06-24 07:47:03 info IKE<71.191.197.230>: Received initial contact notification and removed Phase 1 SAs.
>2010-06-24 07:47:03 info IKE<71.191.197.230>: Received initial contact notification and removed Phase 2 SAs.
>2010-06-24 07:47:03 info IKE<71.191.197.230>: Received a notification message for DOI <1> <24578> <INITIAL-CONTACT>.
>2010-06-24 07:47:03 info IKE<71.191.197.230> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime.
>2010-06-24 07:47:03 info IKE<71.191.197.230> Phase 1: Completed for user <Test>.
>2010-06-24 07:47:03 info IKE<71.191.197.230> Phase 1: IKE responder has detected NAT in front of the remote device.
>2010-06-24 07:47:03 info IKE<71.191.197.230> Phase 1: IKE responder has detected NAT in front of the local device.
>2010-06-24 07:47:03 info IKE<71.191.197.230> Phase 1: Responder starts AGGRESSIVE mode negotiations.
>
>What am I missing?
>
>Thanks,
>Igor
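An added example, not part of the thread and not code from Shrew Soft or Juniper: a small Python parser for the two event-log formats quoted in the first message (the "No policy exists for the proxy ID" line and the XAuth login line). It extracts the proxy ID the gateway rejected and relates it to the address XAuth assigned to the same peer. It assumes each event has been re-joined onto one line; the function and field names are hypothetical.

```python
import ipaddress
import re

# Two events copied from the message above, each re-joined onto one line.
SAMPLE_LOG = """\
2010-06-25 22:36:57 info IKE<71.191.197.230> Phase 2: No policy exists for the proxy ID received: local ID (<192.168.100.0>/<255.255.255.0>, <0>, <0>) remote ID (<192.168.100.130>/<255.255.255.255>, <0>, <0>).
2010-06-25 22:36:46 info IKE<71.191.197.230>: XAuth login was passed for gateway <vpnclient_gateway>, username <igor>, retry: 0, Client IP Addr<192.168.100.130>, IPPool name:<vpn>, Session-Timeout:<0s>, Idle-Timeout:<0s>.
"""

# One proxy-ID tuple as logged: (<address>/<netmask>, <protocol>, <port>)
ID = r"\(<([\d.]+)>/<([\d.]+)>, <(\d+)>, <(\d+)>\)"
PROXY_RE = re.compile(
    r"IKE<([\d.]+)> Phase 2: No policy exists for the proxy ID received: "
    r"local ID " + ID + r"\s+remote ID " + ID)
XAUTH_RE = re.compile(
    r"IKE<(?P<peer>[\d.]+)>: XAuth login was passed"
    r".*?Client IP Addr<(?P<ip>[\d.]+)>")


def _net(addr, mask):
    # ip_network accepts dotted netmasks; strict=False tolerates host bits.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def proxy_id_rejections(log_text):
    """Return one dict per rejected Phase 2 proxy ID, annotated with the
    XAuth-assigned address logged for the same peer (if any)."""
    assigned = {m["peer"]: ipaddress.ip_address(m["ip"])
                for m in XAUTH_RE.finditer(log_text)}
    findings = []
    for m in PROXY_RE.finditer(log_text):
        peer, la, lm, lproto, lport, ra, rm, rproto, rport = m.groups()
        local, remote = _net(la, lm), _net(ra, rm)
        client_ip = assigned.get(peer)
        findings.append({
            "peer": peer, "local": local, "remote": remote,
            "local_proto_port": (int(lproto), int(lport)),
            "remote_proto_port": (int(rproto), int(rport)),
            # Is the remote ID exactly the host address XAuth handed out?
            "remote_is_assigned_ip": (remote.prefixlen == 32
                                      and remote.network_address == client_ip),
            # Does the remote ID fall inside the local ID's network?
            "remote_inside_local": remote.subnet_of(local),
        })
    return findings


if __name__ == "__main__":
    for finding in proxy_id_rejections(SAMPLE_LOG):
        print(finding)
```

The result describes only what the gateway logged: which local/remote selector pair it rejected and how that pair relates to the pool address. Which policy or VPN setting has to match it is not stated in the thread.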