[vpn-help] Juniper SSG5 VPN connect Issue
Matthew Grooms
mgrooms at shrew.net
Sun Mar 14 20:50:46 CDT 2010
On 3/10/2010 5:29 PM, Luke LeBoeuf wrote:
> All,
> I have a Juniper SSG5 firewall that I am trying to set up to work
> with the release shrew client (v2.1.5). I am using the SSG5 firmware
> version 6.1.0r2.0. I have set up the gateway side and the client side to
> the letter of the shrew documentation, but I keep failing to initiate
> the tunnel and I am not sure why. Below is the reject event that I get
> from the gateway. Does anyone have any ideas? The shrew client trace
> tool simply says 'resend limit exceeded for phase1 exchange' and it
> kills the attempts. Any help would be greatly appreciated as we are
> trying to get this off the ground. In the example below I was using an
> AT&T 3G card, but it also happened from a desktop using Cox ISP.
>
>
> Rejected an IKE packet on ethernet0/0 from 166.204.222.138:500 to
> xx.xx.xx.xx:500 with cookies
> 5dba7aba5e660ebc and 0000000000000000 because an initial Phase 1 packet
> arrived from an unrecognized peer gateway.
>
The Mode under Define Advanced Parameters of the Autokey Advanced
Gateway definition needs to be set to Aggressive on some gateways. It
says ( Initiator ) which I take to mean when the gateway is acting as
the initiator, but a few people have reported this as a problem with
certain firmware versions. I'll update the document.
Hope this helps,
-Matthew