[vpn-help] Mac OS Lion Error on VPN Connection

Kevin VPN kvpn at live.com
Thu Jan 26 21:30:17 CST 2012 

On 01/26/2012 04:17 PM, Rui Cordeiro wrote:
> Hi,
>
> Double check the phase 1 options or the shared secret, something is different
> from the previous configs you had.
> Maybe the profile isn't exactly the same.
>
> Regards,
>
> Rui Cordeiro
>
> Phone: +351 912 128 019
> E-mail:rmacordeiro at gmail.com
>
>
> On 01/26/2012 08:59 PM, Ali Akbar Sohanghpurwala wrote:
>>
>>  Kevin:
>>
>>  I have been using Shrew VPN Client on my windows machines for some time now
>>  without any problems. I am not an expert in VPN but I have managed to follow
>>  setup instructions and get it to work. I have a Juniper SSG5 at work and I VPN
>>  into it. Recently I purchased a MacBook Pro with OS Lion. I have installed and
>>  Parallels and Win 7 in the virtual machine.
>>
>>  At first I installed Shrew VPN Client 2.17 on the Win 7 exactly the way I have
>>  on my other machines and it gave me an error. So I obtained the instructions
>>  from your site and installed 2.2 on OS Lion. It also gives me the same error.
>>  On the laptop it goes all the way up to bringing up the tunnel and then fails
>>  with the following message:
>>
>>  “negotiation timeout occurred, tunnel disabled, detached from key daemon”
>>
>>  On the Juniper SSG5 I get the following message:
>>
>>  “Rejected an IKE packet on ethernet0/0 from 173.14.113.251:1471 to
>>  173.14.113.251:500 with cookies f4cfdea6709b14e8 and 0000000000000000 because
>>  An initial Phase 1 packet arrived from an unrecognized peer gateway.”
>>
>>  Where should I start to look for possible problems?
>>

Hi Ali,

Rui is correct. Look at the Phase1 settings, specifically on the 
Authentication tab in Shrew.  Make sure the settings under Local 
Identity match with the Remote Gateway settings on the Juniper.

Also, do as Rui suggested and make sure the Pre Shared Key matches.  I'd 
even suggest entering it again on both sides, as it's happened at least 
three different times for me that I've made a typo putting it in on one 
side or the other.

Note that if you defined on the Juniper that the Remote Gateway has a 
Static IP Address, it's very possible that this new machine has a 
different IP on your local network, and so it doesn't match what the 
Juniper is expecting.

More information about the vpn-help mailing list