[vpn-help] SAs expire immediately, connecting to Juniper SSG via Shrew

Kevin VPN kvpn at live.com
Mon Dec 12 21:31:54 CST 2011


On 12/08/2011 03:18 PM, Tim Keane wrote:
>
> Yes, I am seeing the 'completed negotiations' message in the Juniper
> event log.  The lifetime of 3600 s / 0 KB matches the parameters in the
> Shrew client's configuration.
>
> I've been examining the debug ike output, but I'm pretty much seeing the same
> thing.  The connection seems to be made, the Shrew client continues to send
> Phase2 packets, eventually hitting its resend limit, at which point it
> sends a peer delete message.
>

Are you using a policy-based or route-based VPN on the Juniper?  Have 
you also done flow filters and/or snoops in conjunction with the debug ike?

If you want, you can send me the get db str output and I can take a look 
at it (feel free to anonymize IPs/usernames).


