[vpn-help] Shrew soft VPN client configuration for juniper SSG
Matthew Grooms
mgrooms at shrew.net
Sun Oct 10 16:55:02 CDT 2010
On 10/8/2010 8:46 AM, Zigmunds Vītiņš wrote:
> Hello,
>
> I don't have address pool for this vpn.
>
Hi Zigmunds,
If you don't supply an address pool for the connection, the site config
needs to be modified. In the general properties page, there is an option
for selecting the Auto Configuration type. Setting it to 'ike config
push' means that the client will expect to be sent configuration options
such as virtual IP address/netmask ( when virtual adapter mode is used )
and other settings such as DNS server, WINS server settings. From your
log output, your gateway appears to be sending an Xauth result without
sending any configuration information. This is confusing the client
because its configured to receive a configuration push request.
So, I would try the following ...
1) If the client is set to use "virtual adapter and assigned address",
you need to change it to "existing adapter and current address". This
should hopefully match the mode in which your Netscreen remote clients
operate ( not getting a virtual IP so there is no virtual adapter ). For
more information on this topic, please see ...
http://www.shrew.net/static/help-2.1.x/files/ClientManagement.html
2) If the client is set to use "ike config push" as described in our
Juniper SSG howto, you need to set this to "disabled" instead. Your
gateway isn't sending a push request, so the client needs to know to
skip the automatic configuration step.
Hope this helps,
-Matthew
More information about the vpn-help
mailing list