[vpn-help] netscreen-25 P2 problem: invalid payload type

Dimitri Croubels dimitric at haco.com
Sat May 15 04:56:57 CDT 2010


Dear,

I am trying to connect the shrew vpn client (windows xp) to a juniper netscreen-25 device.

I get as far as phase1 completed but then I get following message on the juniper device.

Received a notification message for DOI <1><24578><INITIAL-CONTACT>
1 means: invalid payload type
24578 means: initial_contact.
After that I get 
Received initial contact notification and removed Phase 2 SAs.
Received initial contact notification and removed Phase 1 SAs.

After that nothing.

On the client log, 

I get 

0/05/15 11:40:17 == : stored iv ( 16 bytes )
10/05/15 11:40:17 -> : send NAT-T:IKE packet 192.168.2.2:4500 -> 194.78.239.170:4500 ( 124 
bytes )
10/05/15 11:40:17 ii : DPD ARE-YOU-THERE sequence 0033959d requested
10/05/15 11:40:17 <- : recv NAT-T:IKE packet 194.78.239.170:4500 -> 192.168.2.2:4500 ( 92 
bytes )
10/05/15 11:40:17 DB : phase1 found
10/05/15 11:40:17 ii : processing informational packet ( 92 bytes )
10/05/15 11:40:17 == : new informational iv ( 16 bytes )
10/05/15 11:40:17 =< : cookies 8457a4fd5ec6a6ed:51f963fa673c8307
10/05/15 11:40:17 =< : message 596bb408
10/05/15 11:40:17 =< : decrypt iv ( 16 bytes )
10/05/15 11:40:17 == : decrypt packet ( 92 bytes )
10/05/15 11:40:17 <= : trimmed packet padding ( 12 bytes )
10/05/15 11:40:17 <= : stored iv ( 16 bytes )
10/05/15 11:40:17 << : hash payload
10/05/15 11:40:17 << : notification payload
10/05/15 11:40:17 == : informational hash_i ( computed ) ( 16 bytes )
10/05/15 11:40:17 == : informational hash_c ( received ) ( 16 bytes )
10/05/15 11:40:17 ii : informational hash verified
10/05/15 11:40:17 ii : received peer DPDV1-R-U-THERE-ACK notification
10/05/15 11:40:17 ii : - 194.78.239.170:4500 -> 192.168.2.2:4500
10/05/15 11:40:17 ii : - isakmp spi = 8457a4fd5ec6a6ed:51f963fa673c8307
10/05/15 11:40:17 ii : - data size 4
10/05/15 11:40:17 ii : DPD ARE-YOU-THERE-ACK sequence 0033959d accepted
10/05/15 11:40:17 ii : next tunnel DPD request in 15 secs for peer 194.78.239.170:4500
10/05/15 11:40:30 DB : phase1 found

This keeps repeating.

Have you got any idea what went wrong?
Kind regards,
Dimitri





More information about the vpn-help mailing list