[vpn-help] VPN Client 2.1.7 and Netscreen NS25

Geoffrey Jacobsen gjacobsen at prsguitars.com
Tue Jan 11 09:21:51 CST 2011


I've set up the client and gateway as suggested in the documentation for Netscreen devices and can't get a positive result. It always times out with the message 'resend limit exceeded for phase1 exchange' and closes down the processes.

I've ensured IP addressing isn't overlapping; I've reinstalled and run the client under an admin account; I've switched between using a virtual adapter and an existing one; I've tried wireless and wired, all to no avail.

System:
Lenovo Thinkpad T510
Windows 7 Pro 64 bit

Gateway:
Netscreen NS25
Firmware version 5.4.0r11.0 (Firewall+VPN)

Trace Output:
11/01/11 10:03:51 ## : IKE Daemon, ver 2.1.7
11/01/11 10:03:51 ## : Copyright 2010 Shrew Soft Inc.
11/01/11 10:03:51 ## : This product linked OpenSSL 0.9.8h 28 May 2008
11/01/11 10:03:51 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
11/01/11 10:03:51 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-decrypt.cap'
11/01/11 10:03:51 ii : rebuilding vnet device list ...
11/01/11 10:03:51 ii : device ROOT\VNET\0000 disabled
11/01/11 10:03:51 ii : network process thread begin ...
11/01/11 10:03:51 ii : pfkey process thread begin ...
11/01/11 10:03:51 ii : ipc server process thread begin ...
11/01/11 10:04:07 ii : ipc client process thread begin ...
11/01/11 10:04:07 <A : peer config add message
11/01/11 10:04:07 DB : peer added ( obj count = 1 )
11/01/11 10:04:07 ii : local address 172.16.0.152 selected for peer
11/01/11 10:04:07 DB : tunnel added ( obj count = 1 )
11/01/11 10:04:07 <A : proposal config message
11/01/11 10:04:07 <A : proposal config message
11/01/11 10:04:07 <A : client config message
11/01/11 10:04:07 <A : xauth username message
11/01/11 10:04:07 <A : xauth password message
11/01/11 10:04:07 <A : local id 'client.domain.com' message
11/01/11 10:04:07 <A : remote id 'vpngw.domain.com' message
11/01/11 10:04:07 <A : preshared key message
11/01/11 10:04:07 <A : remote resource message
11/01/11 10:04:07 <A : peer tunnel enable message
11/01/11 10:04:07 DB : new phase1 ( ISAKMP initiator )
11/01/11 10:04:07 DB : exchange type is aggressive
11/01/11 10:04:07 DB : 172.16.0.152:500 <-> [MASKED IP]:500
11/01/11 10:04:07 DB : 5f8212b134209bf6:0000000000000000
11/01/11 10:04:07 DB : phase1 added ( obj count = 1 )
11/01/11 10:04:07 >> : security association payload
11/01/11 10:04:07 >> : - proposal #1 payload
11/01/11 10:04:07 >> : -- transform #1 payload
11/01/11 10:04:07 >> : -- transform #2 payload
11/01/11 10:04:07 >> : -- transform #3 payload
11/01/11 10:04:07 >> : -- transform #4 payload
11/01/11 10:04:07 >> : -- transform #5 payload
11/01/11 10:04:07 >> : -- transform #6 payload
11/01/11 10:04:07 >> : -- transform #7 payload
11/01/11 10:04:07 >> : -- transform #8 payload
11/01/11 10:04:07 >> : -- transform #9 payload
11/01/11 10:04:07 >> : -- transform #10 payload
11/01/11 10:04:07 >> : -- transform #11 payload
11/01/11 10:04:07 >> : -- transform #12 payload
11/01/11 10:04:07 >> : -- transform #13 payload
11/01/11 10:04:07 >> : -- transform #14 payload
11/01/11 10:04:07 >> : -- transform #15 payload
11/01/11 10:04:07 >> : -- transform #16 payload
11/01/11 10:04:07 >> : -- transform #17 payload
11/01/11 10:04:07 >> : -- transform #18 payload
11/01/11 10:04:07 >> : key exchange payload
11/01/11 10:04:07 >> : nonce payload
11/01/11 10:04:07 >> : identification payload
11/01/11 10:04:07 >> : vendor id payload
11/01/11 10:04:07 ii : local supports XAUTH
11/01/11 10:04:07 >> : vendor id payload
11/01/11 10:04:07 ii : local supports nat-t ( draft v00 )
11/01/11 10:04:07 >> : vendor id payload
11/01/11 10:04:07 ii : local supports nat-t ( draft v01 )
11/01/11 10:04:07 >> : vendor id payload
11/01/11 10:04:07 ii : local supports nat-t ( draft v02 )
11/01/11 10:04:07 >> : vendor id payload
11/01/11 10:04:07 ii : local supports nat-t ( draft v03 )
11/01/11 10:04:07 >> : vendor id payload
11/01/11 10:04:07 ii : local supports nat-t ( rfc )
11/01/11 10:04:07 >> : vendor id payload
11/01/11 10:04:07 ii : local supports FRAGMENTATION
11/01/11 10:04:07 >> : vendor id payload
11/01/11 10:04:07 ii : local supports DPDv1
11/01/11 10:04:07 >> : vendor id payload
11/01/11 10:04:07 ii : local is SHREW SOFT compatible
11/01/11 10:04:07 >> : vendor id payload
11/01/11 10:04:07 ii : local is NETSCREEN compatible
11/01/11 10:04:07 >> : vendor id payload
11/01/11 10:04:07 ii : local is SIDEWINDER compatible
11/01/11 10:04:07 >> : vendor id payload
11/01/11 10:04:07 ii : local is CISCO UNITY compatible
11/01/11 10:04:07 >= : cookies 5f8212b134209bf6:0000000000000000
11/01/11 10:04:07 >= : message 00000000
11/01/11 10:04:07 -> : send IKE packet 172.16.0.152:500 -> [MASKED IP]:500 ( 1193 bytes )
11/01/11 10:04:07 DB : phase1 resend event scheduled ( ref count = 2 )
11/01/11 10:04:12 -> : resend 1 phase1 packet(s) 172.16.0.152:500 -> [MASKED IP]:500
11/01/11 10:04:17 -> : resend 1 phase1 packet(s) 172.16.0.152:500 -> [MASKED IP]:500
11/01/11 10:04:22 -> : resend 1 phase1 packet(s) 172.16.0.152:500 -> [MASKED IP]:500
11/01/11 10:04:27 ii : resend limit exceeded for phase1 exchange
11/01/11 10:04:27 ii : phase1 removal before expire time
11/01/11 10:04:27 DB : phase1 deleted ( obj count = 0 )
11/01/11 10:04:27 DB : policy not found
11/01/11 10:04:27 DB : policy not found
11/01/11 10:04:27 DB : policy not found
11/01/11 10:04:27 DB : policy not found
11/01/11 10:04:27 DB : policy not found
11/01/11 10:04:27 DB : policy not found
11/01/11 10:04:27 DB : tunnel stats event canceled ( ref count = 1 )
11/01/11 10:04:27 DB : removing tunnel config references
11/01/11 10:04:27 DB : removing tunnel phase2 references
11/01/11 10:04:27 DB : removing tunnel phase1 references
11/01/11 10:04:27 DB : tunnel deleted ( obj count = 0 )
11/01/11 10:04:27 DB : removing all peer tunnel refrences
11/01/11 10:04:27 DB : peer deleted ( obj count = 0 )
11/01/11 10:04:27 ii : ipc client process thread exit ...
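
A triage pass over a trace like the one above, as an added example that is not part of the original post and is not Shrew Soft code. It counts what the client sent and whether anything came back before the phase1 timeout; the `<-` marker for inbound packets, the date field order and the 192.0.2.1 peer address are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the trace above, with the masked peer
# address replaced by the documentation address 192.0.2.1.
SAMPLE = """\
11/01/11 10:04:07 DB : exchange type is aggressive
11/01/11 10:04:07 DB : 5f8212b134209bf6:0000000000000000
11/01/11 10:04:07 -> : send IKE packet 172.16.0.152:500 -> 192.0.2.1:500 ( 1193 bytes )
11/01/11 10:04:12 -> : resend 1 phase1 packet(s) 172.16.0.152:500 -> 192.0.2.1:500
11/01/11 10:04:17 -> : resend 1 phase1 packet(s) 172.16.0.152:500 -> 192.0.2.1:500
11/01/11 10:04:22 -> : resend 1 phase1 packet(s) 172.16.0.152:500 -> 192.0.2.1:500
11/01/11 10:04:27 ii : resend limit exceeded for phase1 exchange
"""
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")

def triage(trace):
    """Summarise a phase1 attempt: what was sent, what came back, how it ended."""
    out = {"exchange": None, "sent": 0, "resent": 0, "received": 0,
           "responder_cookie_seen": False, "timed_out": False, "seconds": None}
    first = last = None
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, tag, msg = m.groups()
        # Date field order is assumed; only same-day time deltas are used.
        when = datetime.strptime(stamp, "%y/%m/%d %H:%M:%S")
        if tag == "->":
            first = first or when
            out["resent" if msg.startswith("resend") else "sent"] += 1
        elif tag == "<-":  # assumed marker for inbound packets
            out["received"] += 1
        elif msg.startswith("exchange type is "):
            out["exchange"] = msg.rsplit(" ", 1)[1]
        elif re.fullmatch(r"[0-9a-f]{16}:[0-9a-f]{16}", msg):
            out["responder_cookie_seen"] |= msg.split(":")[1] != "0" * 16
        elif "resend limit exceeded for phase1" in msg:
            out["timed_out"], last = True, when
    if first and last:
        out["seconds"] = int((last - first).total_seconds())
    # Nothing inbound and an all-zero responder cookie: the client saw no answer,
    # so the trace cannot tell a blocked path from a silently dropped request.
    out["no_reply"] = (out["timed_out"] and out["received"] == 0
                       and not out["responder_cookie_seen"])
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

When `no_reply` is true, the gateway's own event log and a packet capture on its untrust interface are the next places to look, since the client trace holds nothing from the peer.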


