[vpn-help] Shrew soft VPN client configuration for juniper SSG

Zigmunds Vītiņš zvitins at tcp.lv
Wed Oct 13 06:43:48 CDT 2010


  Hi Matthew,

Thanks a lot.
Now I can successfully establish the tunnel.
But I still have one problem - I cannot access any server behind the SSG.
In the policy log on the SSG I cannot see any attempt - what else should I change?
Now my config is:

n:version:2
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:0
n:network-notify-enable:1
n:client-wins-used:0
n:client-wins-auto:0
n:client-dns-used:1
n:client-dns-auto:0
n:client-splitdns-used:0
n:client-splitdns-auto:0
n:phase1-dhgroup:5
n:phase1-keylen:256
n:phase1-life-secs:28800
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-keylen:256
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:1
n:policy-list-auto:0
s:client-saved-username:test test
s:network-host:[remote ip]
s:client-auto-mode:disabled
s:client-iface:direct
s:network-natt-mode:enable
s:network-frag-mode:enable
s:client-dns-addr:10.200.0.8
s:auth-method:mutual-psk-xauth
s:ident-client-type:ufqdn
s:ident-server-type:any
s:ident-client-data:email at address
b:auth-mutual-psk:xxxxxxxxxxx
s:phase1-exchange:aggressive
s:phase1-cipher:aes
s:phase1-hash:sha1
s:phase2-transform:esp-aes
s:phase2-hmac:sha1
s:ipcomp-transform:disabled
n:phase2-pfsgroup:5
s:policy-level:require
s:policy-list-include:10.200.0.0 / 255.255.255.0


On 10/11/2010 12:55 AM, Matthew Grooms wrote:
> If the client is set to use "virtual adapter and assigned address", 
> you need to change it to "existing adapter and current address".


