[vpn-help] SAs expire immediately, connecting to Juniper SSG via Shrew
Kevin VPN
kvpn at live.com
Mon Dec 12 21:31:54 CST 2011
On 12/08/2011 03:18 PM, Tim Keane wrote:
>
> Yes, I am seeing the 'completed negotiations' message in the Juniper
> event log. The lifetime of 3600 s / 0 KB matches the parameters in the
> Shrew client's configuration.
>
> I've been examining the debug ike output, but I'm pretty much seeing the same
> thing. The connection seems to be made, the Shrew client continues to send
> Phase2 packets, eventually hitting its resend limit, at which point it
> sends a peer delete message.
>
Are you using a policy-based or route-based VPN on the Juniper? Have
you also done flow filters and/or snoops in conjunction with the debug ike?
If you want, you can send me the get db str output and I can take a look
at it (feel free to anonymize IPs/usernames).