[vpn-help] Simple shrew dialup vpn user with SSG-140 does not works - Please Help
kevin vpn
kvpn at live.com
Tue Jun 28 21:54:40 CDT 2011
On Tue, 28 Jun 2011 07:21:09 +0200
Francisco Javier Morales López de Gamarra <fmorales_htw at hotmail.com>
wrote:
>
> Please, any help would be very appreciated
>
> > From: fmorales_htw at hotmail.com
> > To: vpn-help at lists.shrew.net
> > Date: Mon, 27 Jun 2011 09:29:17 +0200
> > Subject: [vpn-help] Simple shrew dialup vpn user with SSG-140 does
> > not works - Please Help
> >
> >
> > Hi, I am trying to setup a simple dial-up vpn user with shrew and
> > Juniper SSG-140 using the tutorial
> > http://www.shrew.net/support/wiki/HowtoJuniperSsg
> >
> >
> > but it does not works....
> >
> >
> > I always get the following error:
> >
> > 2011-06-27 09:15:45 info IKE<88.xxxxxxxx>: XAuth login was aborted
> > for gateway <vpnclient_gateway>, username <joe>, retry: 0.
> > 2011-06-27 09:15:39 info Rejected an IKE packet on ethernet0/9 from
> > 88.xxxxxxxx:58125 to 62.XXx.XXX.XXX:4500 with cookies
> > 429c1915bb026bce and c125368ff8ef5fb4 because a Phase 2 packet
> > arrived while XAuth was still pending. 2011-06-27 09:15:39 info
> > IKE<88.2.163.210> Phase 1: Completed Aggressive mode negotiations
> > with a <28800>-second lifetime. 2011-06-27 09:15:39 info
...
> >
> > Here is my shrew file:
> >
> > n:version:2
> > n:network-ike-port:500
...
> > s:client-auto-mode:pull
> > s:client-iface:virtual
> > s:network-natt-mode:enable
> > s:network-frag-mode:enable
> > s:auth-method:mutual-psk-xauth
...
> >
> > Any help would be very appreciated.
> >
Hi Francisco,
In the Shrew site config, change the Auto Configuration to "ike config
push". If you're editing the config file by hand, change
s:client-auto-mode:pull to s:client-auto-mode:push
More information about the vpn-help
mailing list