[vpn-help] Cannot connect to IKE VPN with Shrewsoft using Windows 7
Dragonnet Support
domain at dragonnet.co.uk
Sat Aug 13 05:52:22 CDT 2011
Hi,
I am setting up a IKE VPN gateway to a Juniper SSX series firewall. The
connection is now working however I carried out the initial work on my
notebook. This failed to connect and at no point showed any record in
the logs of the Juniper of attempting a connection. After much work
debugging I tried a different machine and this connected correctly first
time (using the same Internet gateway).
The symptom is that shrewsoft appears to install correctly (I have tried
this two or three times and rebooted each time) but times out on the
initial phase 1 key sending. It would appear that something is
preventing it from connecting. I have disabled both the windows
firewall and the antivirus (AVG).
The workstation is running Windows 7 Pro (32 bit) and I am using the
2.1.7 version of Shrewsoft. The other machine is in fact Windows 7 Home
(32 bit) and worked correctly with the same shrewsoft version.
Although my problem has been resolved (by using a different workstation)
I am concerned that I may encounter problems when I deploy the solution
to users.
Detailed below is the log output:-
11/08/13 11:47:06 ## : IKE Daemon, ver 2.1.7
11/08/13 11:47:06 ## : Copyright 2010 Shrew Soft Inc.
11/08/13 11:47:06 ## : This product linked OpenSSL 0.9.8h 28 May 2008
11/08/13 11:47:06 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
11/08/13 11:47:06 ii : rebuilding vnet device list ...
11/08/13 11:47:06 ii : device ROOT\VNET\0000 disabled
11/08/13 11:47:06 ii : network process thread begin ...
11/08/13 11:47:06 ii : ipc server process thread begin ...
11/08/13 11:47:06 ii : pfkey process thread begin ...
11/08/13 11:47:28 ii : ipc client process thread begin ...
11/08/13 11:47:28 <A : peer config add message
11/08/13 11:47:28 DB : peer added ( obj count = 1 )
11/08/13 11:47:28 ii : local address 192.168.95.101 selected for peer
11/08/13 11:47:28 DB : tunnel added ( obj count = 1 )
11/08/13 11:47:28 <A : proposal config message
11/08/13 11:47:28 <A : proposal config message
11/08/13 11:47:28 <A : client config message
11/08/13 11:47:28 <A : xauth username message
11/08/13 11:47:28 <A : xauth password message
11/08/13 11:47:28 <A : local id 'client.pivotss.net' message
11/08/13 11:47:28 <A : remote id 'vpngw.pivotss.net' message
11/08/13 11:47:28 <A : preshared key message
11/08/13 11:47:28 <A : remote resource message
11/08/13 11:47:28 <A : peer tunnel enable message
11/08/13 11:47:28 DB : new phase1 ( ISAKMP initiator )
11/08/13 11:47:28 DB : exchange type is aggressive
11/08/13 11:47:28 DB : 192.168.95.101:500 <-> 212.46.132.226:500
11/08/13 11:47:28 DB : 239bc090b5ec1ce4:0000000000000000
11/08/13 11:47:28 DB : phase1 added ( obj count = 1 )
11/08/13 11:47:28 >> : security association payload
11/08/13 11:47:28 >> : - proposal #1 payload
11/08/13 11:47:28 >> : -- transform #1 payload
11/08/13 11:47:28 >> : -- transform #2 payload
11/08/13 11:47:28 >> : -- transform #3 payload
11/08/13 11:47:28 >> : -- transform #4 payload
11/08/13 11:47:28 >> : -- transform #5 payload
11/08/13 11:47:28 >> : -- transform #6 payload
11/08/13 11:47:28 >> : -- transform #7 payload
11/08/13 11:47:28 >> : -- transform #8 payload
11/08/13 11:47:28 >> : -- transform #9 payload
11/08/13 11:47:28 >> : -- transform #10 payload
11/08/13 11:47:28 >> : -- transform #11 payload
11/08/13 11:47:28 >> : -- transform #12 payload
11/08/13 11:47:28 >> : -- transform #13 payload
11/08/13 11:47:28 >> : -- transform #14 payload
11/08/13 11:47:28 >> : -- transform #15 payload
11/08/13 11:47:28 >> : -- transform #16 payload
11/08/13 11:47:28 >> : -- transform #17 payload
11/08/13 11:47:28 >> : -- transform #18 payload
11/08/13 11:47:28 >> : key exchange payload
11/08/13 11:47:28 >> : nonce payload
11/08/13 11:47:28 >> : identification payload
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports XAUTH
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports nat-t ( draft v00 )
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports nat-t ( draft v01 )
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports nat-t ( draft v02 )
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports nat-t ( draft v03 )
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports nat-t ( rfc )
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports FRAGMENTATION
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local supports DPDv1
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local is SHREW SOFT compatible
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local is NETSCREEN compatible
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local is SIDEWINDER compatible
11/08/13 11:47:28 >> : vendor id payload
11/08/13 11:47:28 ii : local is CISCO UNITY compatible
11/08/13 11:47:28 >= : cookies 239bc090b5ec1ce4:0000000000000000
11/08/13 11:47:28 >= : message 00000000
11/08/13 11:47:28 -> : send IKE packet 192.168.95.101:500 ->
212.46.132.226:500 ( 1194 bytes )
11/08/13 11:47:29 DB : phase1 resend event scheduled ( ref count = 2 )
11/08/13 11:47:34 -> : resend 1 phase1 packet(s) 192.168.95.101:500 ->
212.46.132.226:500
11/08/13 11:47:39 -> : resend 1 phase1 packet(s) 192.168.95.101:500 ->
212.46.132.226:500
11/08/13 11:47:44 -> : resend 1 phase1 packet(s) 192.168.95.101:500 ->
212.46.132.226:500
11/08/13 11:47:49 ii : resend limit exceeded for phase1 exchange
11/08/13 11:47:49 ii : phase1 removal before expire time
11/08/13 11:47:49 DB : phase1 deleted ( obj count = 0 )
11/08/13 11:47:49 DB : policy not found
11/08/13 11:47:49 DB : policy not found
11/08/13 11:47:49 DB : policy not found
11/08/13 11:47:49 DB : policy not found
11/08/13 11:47:49 DB : policy not found
11/08/13 11:47:49 DB : policy not found
11/08/13 11:47:49 DB : tunnel stats event canceled ( ref count = 1 )
11/08/13 11:47:49 DB : removing tunnel config references
11/08/13 11:47:49 DB : removing tunnel phase2 references
11/08/13 11:47:49 DB : removing tunnel phase1 references
11/08/13 11:47:49 DB : tunnel deleted ( obj count = 0 )
11/08/13 11:47:49 DB : removing all peer tunnel refrences
11/08/13 11:47:49 DB : peer deleted ( obj count = 0 )
11/08/13 11:47:49 ii : ipc client process thread exit ...
192.168.95.101 is my local (NAT) Ip address
Any help would be appreciated
David
Dragonnet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20110813/1bc40368/attachment-0001.html>
More information about the vpn-help
mailing list