[vpn-help] Shrew VPN Client + Juniper SRX : Autodisconnect

Jeroen J.A.W. Hermans j.hermans at epsys.nl
Mon Dec 17 12:19:05 CST 2012


Hi Matthew,

No problem. I understand that sometimes people have other things to do 
than helping me :)
I did disable the DPD, but that did not help at all. I basically 
disabled everything that was "fancy" in any way. In my previous mail I 
already described that the SRX series of Juniper has NO debugging 
whatsoever. The NS25 nicely said: negotiations failed because xxxxx, but 
this device does not even tell me whether P1 or P2 has been the problem.
My guess is that Juniper has implemented some kind of keep alive in the 
Juniper Pulse software that is not implemented in Shrew. I did not have 
the time to debug any further as this was a live system. The only 
solution was to buy licenses for the Pulse client :(
But if you figure this one out, I am very much interested.
Kind regards,

Jeroen Hermans

On 17-12-2012 19:06, Matthew Grooms wrote:
> Jeroen and Gregory,
>
> Sorry for the lack of response in May. There was a long stretch of 
> time where my schedule was so constricted that I just wasn't able to 
> answer questions on the list. I hope to do much better in the future. 
> Many, many thanks to the regular list members who have been doing an 
> amazing job by answering questions and providing collaborative support 
> to the mailing list.
>
> With that said, did either of you try to disable DPD on the client 
> side to see if it allowed the connection to last more than a minute? 
> Also, is there an error message displayed in the gateway log that 
> offers some explanation as to why the client gets disconnected?
>
> Thanks,
>
> -Matthew
>
> On 12/17/2012 5:46 AM, Jeroen J.A.W. Hermans wrote:
>> Hello all,
>>
>> I am the person asking this question in May 2012. Unfortunately I did not
>> resolve the question and I bought the Juniper Pulse client licenses.
>> That seems to work, but I have no idea why Shrewsoft is not working.
>> Btw: I would never buy an SRX again. The debugging is, well.. nonexistent.
>> And my Juniper SRX210 has been rooted through the SSH server.
>> Juniper's advice was to disable all external management, which of course
>> is not an option. Really really poor job Juniper! I really liked the
>> NS25. Next time I will buy two Draytek routers and use them in a high
>> availability configuration. That saves me a lot of pain and money.
>> Sorry for the rant, but especially the SSH vulnerability is important
>> for all you guys. IF someone finds a solution for Shrew + SRX, I am
>> still very interested!
>> Kind regards,
>>
>>          Jeroen Hermans
>>
>



