[vpn-help] SAs expire immediately, connecting to Juniper SSG via Shrew

Tim Keane tim.keane at vitac.com
Thu Dec 8 14:18:51 CST 2011


> 
> This phase2 loop suggests to me that something still isn't right with 
> phase2.
> 
> You say you're using Juniper and can see the logs.  Does it report a 
> "completed negotiations" message in the event log?  It will list the 
> lifetime so you can see if it matches what Shrew reports.
> 
> There's also a 'debug ike' command you can run at the CLI that may also 
> shed some light on things.
> 

Yes, I am seeing the 'completed negotiations' message in the Juniper
event log.  The lifetime of 3600 s / 0 KB matches the parameters in the
Shrew client's configuration.

I've been examining the debug ike output, but I'm pretty much seeing the same
thing.  The connection seems to be made, the Shrew client continues to send
Phase2 packets, eventually hitting its resend limit, at which point it
sends a peer delete message.



