[vpn-help] Shrew with Juniper NS5GT VPN

kevin vpn klmlk at hotmail.com
Mon Jan 3 10:04:54 CST 2011

On Sat, 25 Dec 2010 22:46:00 GMT
"sept771 at netzero.com" <sept771 at netzero.com> wrote:

> Our NS5GT VPN is currently configured to works with NetScreen Remote
> Client without XAuth.  I am trying to configure Shrew to connect to
> it but my connection stuck on "bringing up tunnel".  I have followed
> your online instruction without luck.  What am I doing wrong? John

It seems that on NetScreen, XAuth not only authenticates the user, but
it is also the process that auto-configures the Shrew client with
virtual adapter IP address/netmask information.  If you turn off XAuth
in the NetScreen gateway config, you also disable client configuration.

Without getting the virtual adapter information, the connection process
never completes properly because the Phase 2 negotiation cannot occur.

The only solution that I know of is to use a fixed virtual adapter
address.  In other words, in the Shrew site configuration, on the
General tab, uncheck "Obtain Automatically" and manually enter an
Address and Netmask.

More information about the vpn-help mailing list