[vpn-help] Code Change
kevin shrew-vpn
klmlk at hotmail.com
Tue May 11 06:41:21 CDT 2010
On Mon, 10 May 2010 15:14:26 -0600
Nick Nyberg <nick at liveconsulting.com> wrote:
> From the firewall
> I can see the error message:
>
> Rejected an IKE packet on ethernet3 from 63.229.228.145:1933 to
> 63.253.251.138:500 with cookies 5258772399d01271 and 89bc291a23a99798
> because there were no acceptable Phase 1 proposals.
>
> The only thing that has changed is the firmware on the router. I
> recently upgraded to 5.4.0r15.0 (Firewall+VPN) on the Netscreen 25.
>
> My questions:
> 1.) Can anyone else confirm that the Netscreen 5.4.0r15.0 broke
> their dial-up VPN?
> 2.) Any idea how to reestablish connectivity?
> 3.) I found the trouble ticket ID: Ticket #3752 (reopened defect) -
> I would like to note that I have the same issue on Windows 7, x64
> even running Head development 2.2.0-alpha-9.
>
Hi Nick, there's also a 5.4.0r16 available and the release notes do
reference a fix for a phase 1 negotiation problem. Have you checked to
see if this problem also affects the Juniper NetScreen-Remote client?

Secondly, I had a similar problem for a while when first trying to set up
Shrew to Juniper (on ScreenOS 6.1), and I think I solved it by *not*
specifying all the Phase 1 details in the Shrew configuration. I just
left the Cipher and Hash on auto in the Phase 1 tab, and I left Remote
Identity set to IP Address and checked Use a discovered remote host
address on the Authentication tab.

I could only find "Shrew" and ticket "3752" in reference to a DNS
resolution problem reported on VirtualBox (which references Shrew
Ticket #6). This does not seem to be the same problem at all.