[vpn-help] Shrew disconnects from Juniper SRX210 after some minutes

Jeroen J.A.W. Hermans j.hermans at epsys.nl
Tue Apr 3 15:09:48 CDT 2012 

Dear all,

I have a problem i have been working on a few weeks now and i don't seem 
to be able to get Shrew to work nicely with my Juniper SRX210. Setting 
up a VPN to the SRX is not a problem. Phase 1 and 2 are completed 
succesfully. I am able to ping to the other netwerk without any 
problems, but after about 6 minutes Shrew disconnects (see tracedump 
under this mail). I am using a Juniper SRX210 running JunOS 11.1R1.10 
and Shrew VPN 2.2.0. I am using a cabled network and i am behind a NAT 
router.
I would highly appreciate any help from this list. thank you very much 
in advance.
Kind regards,

Jeroen Hermans

--

12/04/03 21:59:26 -> : send NAT-T:KEEP-ALIVE packet 10.1.2.28:4500 -> 
***.***.***.***:4500
12/04/03 21:59:56 DB : phase1 found
12/04/03 21:59:56 -> : send NAT-T:KEEP-ALIVE packet 10.1.2.28:4500 -> 
***.***.***.***:4500
12/04/03 22:00:26 DB : phase1 found
12/04/03 22:00:26 -> : send NAT-T:KEEP-ALIVE packet 10.1.2.28:4500 -> 
***.***.***.***:4500
12/04/03 22:00:56 <- : recv NAT-T:IKE packet ***.***.***.***:4500 -> 
10.1.2.28:4500 ( 76 bytes )
12/04/03 22:00:56 DB : phase1 found
12/04/03 22:00:56 ii : processing informational packet ( 76 bytes )
12/04/03 22:00:56 == : new informational iv ( 8 bytes )
12/04/03 22:00:56 =< : cookies 8dfe7e4c15df885a:041ded309be90dc0
12/04/03 22:00:56 =< : message d3ef1f66
12/04/03 22:00:56 =< : decrypt iv ( 8 bytes )
12/04/03 22:00:56 == : decrypt packet ( 76 bytes )
12/04/03 22:00:56 <= : stored iv ( 8 bytes )
12/04/03 22:00:56 DB : phase1 found
12/04/03 22:00:56 -> : send NAT-T:KEEP-ALIVE packet 10.1.2.28:4500 -> 
***.***.***.***:4500
12/04/03 22:00:56 << : hash payload
12/04/03 22:00:56 << : delete payload
12/04/03 22:00:56 == : informational hash_i ( computed ) ( 16 bytes )
12/04/03 22:00:56 == : informational hash_c ( received ) ( 16 bytes )
12/04/03 22:00:56 ii : informational hash verified
12/04/03 22:00:56 ii : received peer DELETE message
12/04/03 22:00:56 ii : - ***.***.***.***:4500 -> 10.1.2.28:4500
12/04/03 22:00:56 ii : - isakmp spi = 8dfe7e4c15df885a:041ded309be90dc0
12/04/03 22:00:56 DB : phase1 found
12/04/03 22:00:56 ii : cleanup, marked phase1 
8dfe7e4c15df885a:041ded309be90dc0 for removal
12/04/03 22:00:56 DB : phase1 soft event canceled ( ref count = 5 )
12/04/03 22:00:56 DB : phase1 hard event canceled ( ref count = 4 )
12/04/03 22:00:56 DB : phase1 dead event canceled ( ref count = 3 )
12/04/03 22:00:56 DB : config deleted ( obj count = 0 )
12/04/03 22:00:56 ii : phase1 removal before expire time
12/04/03 22:00:56 DB : phase1 not found
12/04/03 22:00:56 DB : policy found
12/04/03 22:00:56 ii : removing IPSEC INBOUND policy ANY:194.1.1.0/24:* 
-> ANY:192.168.1.29:*
12/04/03 22:00:56 K> : send pfkey X_SPDDELETE2 UNSPEC message
12/04/03 22:00:56 DB : policy found
12/04/03 22:00:56 ii : removing IPSEC OUTBOUND policy ANY:192.168.1.29:* 
-> ANY:194.1.1.0/24:*
12/04/03 22:00:56 K> : send pfkey X_SPDDELETE2 UNSPEC message
12/04/03 22:00:56 K< : recv pfkey X_SPDDELETE2 UNSPEC message
12/04/03 22:00:56 ii : removed IPSEC policy route for ANY:194.1.1.0/24:*
12/04/03 22:00:56 DB : policy found
12/04/03 22:00:56 ii : removing NONE INBOUND policy 
ANY:***.***.***.***:* -> ANY:10.1.2.28:*
12/04/03 22:00:56 K> : send pfkey X_SPDDELETE2 UNSPEC message
12/04/03 22:00:56 DB : policy found
12/04/03 22:00:56 ii : removing NONE OUTBOUND policy ANY:10.1.2.28:* -> 
ANY:***.***.***.***:*
12/04/03 22:00:56 K> : send pfkey X_SPDDELETE2 UNSPEC message
12/04/03 22:00:56 ii : removed NONE policy route for ANY:***.***.***.***:*
12/04/03 22:00:56 DB : policy found
12/04/03 22:00:56 ii : removing NONE INBOUND policy ANY:10.1.2.2:* -> 
ANY:192.168.1.29:*
12/04/03 22:00:56 K> : send pfkey X_SPDDELETE2 UNSPEC message
12/04/03 22:00:56 DB : policy found
12/04/03 22:00:56 ii : removing NONE OUTBOUND policy ANY:192.168.1.29:* 
-> ANY:10.1.2.2:*
12/04/03 22:00:56 K> : send pfkey X_SPDDELETE2 UNSPEC message
12/04/03 22:00:56 DB : policy found
12/04/03 22:00:56 DB : phase1 deleted ( obj count = 0 )
12/04/03 22:00:56 DB : policy deleted ( obj count = 8 )
12/04/03 22:00:56 K< : recv pfkey X_SPDDELETE2 UNSPEC message
12/04/03 22:00:56 DB : policy found
12/04/03 22:00:56 DB : policy deleted ( obj count = 7 )
12/04/03 22:00:56 K< : recv pfkey X_SPDDELETE2 UNSPEC message
12/04/03 22:00:56 DB : policy found
12/04/03 22:00:56 DB : policy deleted ( obj count = 6 )
12/04/03 22:00:56 K< : recv pfkey X_SPDDELETE2 UNSPEC message
12/04/03 22:00:56 DB : policy found
12/04/03 22:00:56 DB : policy deleted ( obj count = 5 )
12/04/03 22:00:56 K< : recv pfkey X_SPDDELETE2 UNSPEC message
12/04/03 22:00:56 DB : policy found
12/04/03 22:00:56 DB : policy deleted ( obj count = 4 )
12/04/03 22:00:56 K< : recv pfkey X_SPDDELETE2 UNSPEC message
12/04/03 22:00:56 DB : policy found
12/04/03 22:00:56 DB : policy deleted ( obj count = 3 )
12/04/03 22:00:56 ii : disable adapter ROOT\VNET\0000
12/04/03 22:00:56 DB : tunnel natt event canceled ( ref count = 3 )
12/04/03 22:00:56 DB : tunnel stats event canceled ( ref count = 2 )
12/04/03 22:00:56 DB : removing tunnel config references
12/04/03 22:00:56 DB : removing tunnel phase2 references
12/04/03 22:00:56 DB : phase2 soft event canceled ( ref count = 2 )
12/04/03 22:00:56 DB : phase2 hard event canceled ( ref count = 1 )
12/04/03 22:00:56 DB : phase1 not found
12/04/03 22:00:56 K> : send pfkey DELETE ESP message
12/04/03 22:00:56 K> : send pfkey DELETE ESP message
12/04/03 22:00:56 ii : phase2 removal before expire time
12/04/03 22:00:56 DB : phase2 deleted ( obj count = 0 )
12/04/03 22:00:56 DB : removing tunnel phase1 references
12/04/03 22:00:56 DB : tunnel deleted ( obj count = 0 )
12/04/03 22:00:56 DB : removing all peer tunnel refrences
12/04/03 22:00:56 DB : peer deleted ( obj count = 0 )
12/04/03 22:00:56 ii : ipc client process thread exit ...
12/04/03 22:00:56 K< : recv pfkey DELETE ESP message
12/04/03 22:00:56 K< : recv pfkey DELETE ESP message

More information about the vpn-help mailing list