[vpn-help] Cannot connect to IKE VPN with Shrewsoft using Windows 7

Dragonnet Support domain at dragonnet.co.uk
Sat Aug 13 05:52:22 CDT 2011


Hi,

I am setting up an IKE VPN gateway to a Juniper SSX series firewall.  The 
connection is now working; however, I carried out the initial work on my 
notebook.  This failed to connect and at no point showed any record in 
the logs of the Juniper of attempting a connection.  After much work 
debugging I tried a different machine and this connected correctly first 
time (using the same Internet gateway).

The symptom is that Shrewsoft appears to install correctly (I have tried 
this two or three times and rebooted each time) but times out on the 
initial phase 1 key sending.  It would appear that something is 
preventing it from connecting.  I have disabled both the Windows 
firewall and the antivirus (AVG).

The workstation is running Windows 7 Pro (32 bit) and I am using the 
2.1.7 version of Shrewsoft.  The other machine is in fact Windows 7 Home 
(32 bit) and worked correctly with the same Shrewsoft version.

Although my problem has been resolved (by using a different workstation) 
I am concerned that I may encounter problems when I deploy the solution 
to users.

Detailed below is the log output:-

11/08/13 11:47:06 ## : IKE Daemon, ver 2.1.7
11/08/13 11:47:06 ## : Copyright 2010 Shrew Soft Inc.
11/08/13 11:47:06 ## : This product linked OpenSSL 0.9.8h 28 May 2008
11/08/13 11:47:06 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
11/08/13 11:47:06 ii : rebuilding vnet device list ...
11/08/13 11:47:06 ii : device ROOT\VNET\0000 disabled
11/08/13 11:47:06 ii : network process thread begin ...
11/08/13 11:47:06 ii : ipc server process thread begin ...
11/08/13 11:47:06 ii : pfkey process thread begin ...
11/08/13 11:47:28 ii : ipc client process thread begin ...
11/08/13 11:47:28 <A : peer config add message
11/08/13 11:47:28 DB : peer added ( obj count = 1 )
11/08/13 11:47:28 ii : local address 192.168.95.101 selected for peer
11/08/13 11:47:28 DB : tunnel added ( obj count = 1 )
11/08/13 11:47:28 <A : proposal config message
11/08/13 11:47:28 <A : proposal config message
11/08/13 11:47:28 <A : client config message
11/08/13 11:47:28 <A : xauth username message
11/08/13 11:47:28 <A : xauth password message
11/08/13 11:47:28 <A : local id 'client.pivotss.net' message
11/08/13 11:47:28 <A : remote id 'vpngw.pivotss.net' message
11/08/13 11:47:28 <A : preshared key message
11/08/13 11:47:28 <A : remote resource message
11/08/13 11:47:28 <A : peer tunnel enable message
11/08/13 11:47:28 DB : new phase1 ( ISAKMP initiator )
11/08/13 11:47:28 DB : exchange type is aggressive
11/08/13 11:47:28 DB : 192.168.95.101:500 <-> 212.46.132.226:500
11/08/13 11:47:28 DB : 239bc090b5ec1ce4:0000000000000000
11/08/13 11:47:28 DB : phase1 added ( obj count = 1 )
11/08/13 11:47:28 >> : security association payload
11/08/13 11:47:28 >> : - proposal #1 payload
11/08/13 11:47:28 >> : -- transform #1 payload
11/08/13 11:47:28 >> : -- transform #2 payload
11/08/13 11:47:28 >> : -- transform #3 payload
11/08/13 11:47:28 >> : -- transform #4 payload
11/08/13 11:47:28 >> : -- transform #5 payload
11/08/13 11:47:28 >> : -- transform #6 payload
11/08/13 11:47:28 >> : -- transform #7 payload
11/08/13 11:47:28 >> : -- transform #8 payload
11/08/13 11:47:28 >> : -- transform #9 payload
11/08/13 11:47:28 >> : -- transform #10 payload
11/08/13 11:47:28 >> : -- transform #11 payload
11/08/13 11:47:28 >> : -- transform #12 payload
11/08/13 11:47:28 >> : -- transform #13 payload
11/08/13 11:47:28 >> : -- transform #14 payload
11/08/13 11:47:28 >> : -- transform #15 payload
11/08/13 11:47:28 >> : -- transform #16 payload
11/08/13 11:47:28 >> : -- transform #17 payload
11/08/13 11:47:28 >> : -- transform #18 payload
11/08/13 11:47:28 >> : key exchange payload
11/08/13 11:47:28 >> : nonce payload
11/08/13 11:47:28 >> : identification payload
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports XAUTH
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports nat-t ( draft v00 )
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports nat-t ( draft v01 )
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports nat-t ( draft v02 )
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports nat-t ( draft v03 )
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports nat-t ( rfc )
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports FRAGMENTATION
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports DPDv1
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local is SHREW SOFT compatible
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local is NETSCREEN compatible
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local is SIDEWINDER compatible
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local is CISCO UNITY compatible
11/08/13 11:47:28 >= : cookies 239bc090b5ec1ce4:0000000000000000
11/08/13 11:47:28 >= : message 00000000
11/08/13 11:47:28 -> : send IKE packet 192.168.95.101:500 -> 212.46.132.226:500 ( 1194 bytes )
11/08/13 11:47:29 DB : phase1 resend event scheduled ( ref count = 2 )
11/08/13 11:47:34 -> : resend 1 phase1 packet(s) 192.168.95.101:500 -> 212.46.132.226:500
11/08/13 11:47:39 -> : resend 1 phase1 packet(s) 192.168.95.101:500 -> 212.46.132.226:500
11/08/13 11:47:44 -> : resend 1 phase1 packet(s) 192.168.95.101:500 -> 212.46.132.226:500
11/08/13 11:47:49 ii : resend limit exceeded for phase1 exchange
11/08/13 11:47:49 ii : phase1 removal before expire time
11/08/13 11:47:49 DB : phase1 deleted ( obj count = 0 )
11/08/13 11:47:49 DB : policy not found
11/08/13 11:47:49 DB : policy not found
11/08/13 11:47:49 DB : policy not found
11/08/13 11:47:49 DB : policy not found
11/08/13 11:47:49 DB : policy not found
11/08/13 11:47:49 DB : policy not found
11/08/13 11:47:49 DB : tunnel stats event canceled ( ref count = 1 )
11/08/13 11:47:49 DB : removing tunnel config references
11/08/13 11:47:49 DB : removing tunnel phase2 references
11/08/13 11:47:49 DB : removing tunnel phase1 references
11/08/13 11:47:49 DB : tunnel deleted ( obj count = 0 )
11/08/13 11:47:49 DB : removing all peer tunnel refrences
11/08/13 11:47:49 DB : peer deleted ( obj count = 0 )
11/08/13 11:47:49 ii : ipc client process thread exit ...


192.168.95.101 is my local (NAT) IP address.

Any help would be appreciated.

David
Dragonnet
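
A triage sketch for logs like the one in this post, added here as an example and not part of the original message or of Shrew Soft's tooling: it rejoins entries that a mail client has wrapped, counts outbound and inbound IKE packets, and separates a phase1 timeout with no reply at all from one that stalled after the peer answered. The function names and the `<-` marker for inbound entries are assumptions; the sample log is constructed from lines in the post.

```python
import re

# Constructed sample: condensed from the log in the post, with one entry
# wrapped the way a mail client wraps long lines.
SAMPLE_LOG = """\
11/08/13 11:47:28 DB : new phase1 ( ISAKMP initiator )
11/08/13 11:47:28 -> : send IKE packet 192.168.95.101:500 ->
212.46.132.226:500 ( 1194 bytes )
11/08/13 11:47:34 -> : resend 1 phase1 packet(s) 192.168.95.101:500 -> 212.46.132.226:500
11/08/13 11:47:39 -> : resend 1 phase1 packet(s) 192.168.95.101:500 -> 212.46.132.226:500
11/08/13 11:47:44 -> : resend 1 phase1 packet(s) 192.168.95.101:500 -> 212.46.132.226:500
11/08/13 11:47:49 ii : resend limit exceeded for phase1 exchange
"""

LINE = re.compile(r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d (\S\S) : (.*)$")
SEND = re.compile(r"send IKE packet \S+ -> (\S+) \( (\d+) bytes \)")

def unwrap(text):
    """Rejoin continuation lines (no timestamp prefix) onto the previous entry."""
    entries = []
    for raw in text.splitlines():
        if LINE.match(raw) or not entries:
            entries.append(raw.rstrip())
        elif raw.strip():
            entries[-1] += " " + raw.strip()
    return entries

def triage(text):
    """Count outbound and inbound IKE packets and classify the phase1 outcome."""
    r = {"sent": 0, "resent": 0, "received": 0, "peer": None,
         "packet_bytes": None, "timed_out": False}
    for entry in unwrap(text):
        m = LINE.match(entry)
        if not m:
            continue
        tag, msg = m.groups()
        first = SEND.search(msg)
        if tag == "->" and first:
            r["sent"] += 1
            r["peer"], r["packet_bytes"] = first.group(1), int(first.group(2))
        elif tag == "->" and msg.startswith("resend"):
            r["resent"] += 1
        elif tag == "<-":  # assumption: inbound entries mirror the "->" marker
            r["received"] += 1
        elif "resend limit exceeded" in msg:
            r["timed_out"] = True
    if r["timed_out"]:
        r["verdict"] = "no_reply" if r["received"] == 0 else "stalled_after_reply"
    else:
        r["verdict"] = "no_timeout"
    return r

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `no_reply` verdict together with a gateway that logs no connection attempt points the investigation at the path between this client and the gateway rather than at the proposal or credentials.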

