[vpn-help] Security association expires immediately after connection to Juniper SSG

Val Dodge vald at easypps.com
Wed Jul 6 11:26:12 CDT 2011


Hi,

We're testing the Shrew Soft VPN client and we're having an issue
establishing a connection to our Juniper SSG-140 firewall; the Shrew
Soft client works fine with our Juniper SSG-5. As far as I can tell, the
VPN configurations on both the firewall and client are identical except
for IP addresses, credentials, and the like.

When I connect to the problematic firewall, the client connects
successfully and reports that the connection is up, but the Network tab
shows one Security Association established and almost immediately
expired and no traffic actually makes it through.

The two Juniper firewalls' configurations are basically identical, with
the exception of having slightly different patch levels of ScreenOS:
6.0.0R5 on the misbehaving connection, versus 6.0.0R3 on the one that's
fine. I'm currently testing from a Windows 7 Professional 64-bit
workstation with version 2.1.7 of the Shrew client, but I also see the
same behaviour with Shrew clients 2.1.5 -> 2.2.0-beta-1 on Linux and
older 32- and 64-bit versions of Windows.

The iked.log is attached. The SSG logs don't show any difference between
the successful and unsuccessful connections.

I'd appreciate any pointers about where to look for the problem or what
other parameters I may be able to tweak.

Thanks,

Val
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iked.log
Type: text/x-log
Size: 31154 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20110706/b28d275a/attachment-0001.bin>

