[vpn-help] Juniper SSG5 VPN connect Issue

Matthew Grooms mgrooms at shrew.net
Sun Mar 14 20:50:46 CDT 2010

On 3/10/2010 5:29 PM, Luke LeBoeuf wrote:
> All,
>      I have a Juniper SSG5 firewall that I am trying to set up to work
> with the release shrew client (v2.1.5). I am using the SSG5 firmware
> version 6.1.0r2.0. I have set up the gateway side and the client side to
> the letter of the shrew documentation, but I keep failing to initiate
> the tunnel and I am not sure why. Below is the reject event that I get
> from the gateway. Does anyone have any ideas? The shrew client trace
> tool simply says 'resend limit exceeded for phase1 exchange' and it
> kills the attempts. Any help would be greatly appreciated as we are
> trying to get this off the ground. In the example below I was using an
> AT&T 3g card, but it also happened from a desktop using cox ISP.
> Rejected an IKE packet on ethernet0/0 from
> <> to xx.xx.xx.xx:500 with cookies
> 5dba7aba5e660ebc and 0000000000000000 because an initial Phase 1 packet
> arrived from an unrecognized peer gateway.

The Mode under Define Advanced Parameters of the Autokey Advanced 
Gateway definition needs to be set to Aggressive on some gateways. It 
says ( Initiator ) which I take to mean when the gateway is acting as 
the initiator, but a few people have reported this as a problem with 
certain firmware versions. I'll update the document.

Hope this helps,


More information about the vpn-help mailing list