[vpn-help] Shrew VPN with SSG114
Christian Brandes
christian.brandes at forschungsgruppe.de
Wed Jul 27 04:54:01 CDT 2011
Hi Chris,
> Rejected an IKE packet on ethernet0/2 from 86.189.19.236:57958 to XXX.XXX.XXX.XXXX:500 with cookies 202fae23c1e61f6b and 0000000000000000 because an initial Phase 1 packet arrived from an unrecognized peer gateway.
This means, your Juniper appliance does not recognize the calling peer.
It could be an issue with IKE Identity / IKE ID Type. Both must match at both ends (Juniper and VPN client).
If you set IKE ID Type to "Auto" on the Juniper it changes to FQDN, IPADDR or U-FQDN on its own, depending on the IKE Identity inserted.
If this does not solve your problem, please use "Shrew Soft VPN Trace" to gather more meaningfull information.
Possibly you have to run it with administrator permissions to be able to see log entries.
Best regards
Christian
More information about the vpn-help
mailing list