[vpn-help] Code Change

kevin shrew-vpn klmlk at hotmail.com
Tue May 11 06:41:21 CDT 2010


On Mon, 10 May 2010 15:14:26 -0600
Nick Nyberg <nick at liveconsulting.com> wrote:

> From the firewall
> I can see the error message:
> 
> Rejected an IKE packet on ethernet3 from 63.229.228.145:1933 to
> 63.253.251.138:500 with cookies 5258772399d01271 and 89bc291a23a99798
> because there were no acceptable Phase 1 proposals.
> 
> The only thing that has changed is the firmware on the router.  I
> recently upgraded to  5.4.0r15.0 (Firewall+VPN) on the Netscreen 25.
> 
> My questions:
> 1.)  Can anyone else confirm that the Netscreen 5.4.0r15.0 broke
> their dial-up VPN?
> 2.)  Any idea how to reestablish connectivity?
> 3.)  I found the trouble ticket ID: Ticket #3752 (reopened defect) -
> I would like to note that I have the same issue on Windows 7, x64
> even running Head development 2.2.0-alpha-9.
> 

Hi Nick, there's also a 5.4.0r16 available and the release notes do
reference a fix for a phase 1 negotiation problem.  Have you checked to
see if this problem also affects the Juniper NetScreen-Remote client?

Secondly, I had a similar problem for a while when first trying to set up
Shrew to Juniper (on ScreenOS 6.1), and I think I solved it by *not*
specifying all the Phase 1 details in the Shrew configuration.  I just
left the Cipher and Hash on auto in the Phase 1 tab, and I left Remote
Identity set to IP Address and checked Use a discovered remote host
address on the Authentication tab.

I could only find "Shrew" and ticket "3752" in reference to a DNS
resolution problem reported on VirtualBox (which references Shrew
Ticket #6). This does not seem to be the same problem at all.
