[vpn-help] Juniper SRX210 NAT-T problems

Gergely Kiss mail.gery at gmail.com
Wed Jul 6 06:00:33 CDT 2011


Just a small extra information: if I disable NAT-T manually on the client,
the problem seems to go away, but only on Windows 7. My WinXP test machine
keeps disconnecting no matter how I configure NAT-T settings.


Regards
Gergely Kiss

On 5 July 2011 11:06, Gergely Kiss <mail.gery at gmail.com> wrote:

> Dear List!
>
> I'm having problems while connecting to a Juniper SRX210 firewall running
> JunOS 11.1R1.10. I'm using the latest stable Shrewsoft client (2.1.7) on
> Windows 7 (but the issue happens on Windows XP, too).
>
> If I try to connect from a device with a public IP-address, like a mobile
> broadband connection (without using NAT-T), everything works perfectly, but
> if I connect through a NAT device (Linksys WRT54GS), the connection works
> only for 6-7 minutes and then it terminates with no particular reason (the
> error message is: "session terminated by gateway").
>
> My home firewall runs OpenWRT 0.9 and as far as I know, it doesn't have any
> kind of ipsec passthrough option enabled (though it seems to be using a
> one-to-one translation for connections made to port udp/4500).
>
> The strange thing is that using another client (vpnc) with the same network
> configuration, I don't experience these strange connection drops.
>
> Filtering rules on my home firewall are pretty simple: outbound connections
> are not filtered, I only have a couple of rules set on the INPUT chain, but
> none of them uses any conflicting ports.
>
> I already tried debugging both ends, but I found nothing helpful in the
> logs (except some "config packet ignored" messages on the client). I already
> tried upgrading to the latest beta release (2.2.0-beta-1), but the issues
> still exists.
>
> Could you please give me a clue on how to solve this?
>
>
> Best Regards
> Gergely Kiss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20110706/9f2fe5b2/attachment-0002.html>


More information about the vpn-help mailing list