[vpn-help] Security association expires immediately after connection to Juniper SSG

Kevin VPN kvpn at live.com
Wed Jul 20 21:15:27 CDT 2011


On 07/06/2011 12:26 PM, Val Dodge wrote:
> Hi,
>
> We're testing the Shrew Soft VPN client and we're having an issue
> establishing a connection to our Juniper SSG-140 firewall; the Shrew
> Soft client works fine with our Juniper SSG-5. As far as I can tell, the
> VPN configurations on both the firewall and client are identical except
> for IP addresses, credentials, and the like.
>
> When I connect to the problematic firewall, the client connects
> successfully and reports that the connection is up, but the Network tab
> shows one Security Association established and almost immediately
> expired and no traffic actually makes it through.
>
...
>
> The iked.log is attached. The SSG logs don't show any difference between
> the successful and unsuccessful connections.
>

Hi Val,

I notice a couple things in the iked.log output, but the one that jumps 
out at me is this one:

11/07/05 12:47:34 ii : - loc ANY:192.168.8.26:* -> ANY:192.168.0.0/16:*
11/07/05 12:47:34 ii : - rmt ANY:192.168.0.0/16:* -> ANY:192.168.8.26:*

This suggests that you have overlapping IP ranges between the addresses 
you're assigning to the VPN clients and the destination network.  This 
could be causing problems.  Do you have this same configuration on the 
SSG-5?
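
The overlap check described in the reply above, as an added example that is not part of the original post or of the Shrew Soft client: it reads the `loc`/`rmt` policy lines from iked.log text and reports any policy whose two ends overlap. The line format is assumed from the two lines quoted on this page, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two policy lines quoted in the reply above.
SAMPLE_LOG = """\
11/07/05 12:47:34 ii : - loc ANY:192.168.8.26:* -> ANY:192.168.0.0/16:*
11/07/05 12:47:34 ii : - rmt ANY:192.168.0.0/16:* -> ANY:192.168.8.26:*
"""

# Assumed line shape, inferred only from the two lines on this page:
#   "<date> <time> ii : - loc|rmt PROTO:ADDR[/LEN]:PORT -> PROTO:ADDR[/LEN]:PORT"
POLICY_RE = re.compile(
    r"ii : - (?P<side>loc|rmt) "
    r"\w+:(?P<src>[0-9./]+):\S+ -> \w+:(?P<dst>[0-9./]+):\S+"
)


def parse_policies(log_text):
    """Return (side, src_network, dst_network) for every policy line found."""
    policies = []
    for line in log_text.splitlines():
        m = POLICY_RE.search(line)
        if not m:
            continue  # not a policy line
        # A bare address such as 192.168.8.26 is treated as a /32 host network.
        src = ipaddress.ip_network(m.group("src"), strict=False)
        dst = ipaddress.ip_network(m.group("dst"), strict=False)
        policies.append((m.group("side"), src, dst))
    return policies


def find_overlaps(log_text):
    """Return the policies whose source and destination ranges overlap."""
    return [p for p in parse_policies(log_text) if p[1].overlaps(p[2])]


if __name__ == "__main__":
    for side, src, dst in find_overlaps(SAMPLE_LOG):
        print(f"{side}: {src} overlaps {dst}")
```
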


