[vpn-help] SAs expire immediately, connecting to Juniper SSG via Shrew
Kevin VPN
kvpn at live.com
Mon Nov 7 21:13:25 CST 2011
On 10/27/2011 04:22 PM, Tim Keane wrote:
>
> When I attempt to connect using Shrew, Phase1 and Phase2 negotiations are
> completed successfully. However, the SAs immediately expire. This is happening
> using Shrew v. 2.1.7 and 2.2.0, on both XP and Win7 client computers.
>
...
> 11/10/27 15:01:47 ii : processing phase2 packet ( 76 bytes )
> 11/10/27 15:01:47 ii : processing phase2 packet ( 76 bytes )
> 11/10/27 15:01:47 DB : phase2 found
> 11/10/27 15:01:47 DB : phase2 found
> 11/10/27 15:01:47 !! : phase2 packet ignored, resending last packet ( phase2
> already mature )
> 11/10/27 15:01:47 !! : phase2 packet ignored, resending last packet ( phase2
> already mature )
>
Hi Tim,
I would suggest that your problem is that Phase 2 is not completing
successfully. Shrew might think that it's complete (mature), but the
gateway is still sending configure packets, suggesting that it does not
agree. I've seen this before, but can't remember exactly the cause.
Maybe the proxy ids or policies didn't match?
Double-check your Phase 2, proxy and/or policy settings to be sure they
are the same on both the client and gateway.
More information about the vpn-help
mailing list