[vpn-help] VPN problem with Juniper SSG-140 (6.3.0r9.0)

Comtois, Luc Luc.Comtois at bba.ca
Fri Mar 9 07:14:35 CST 2012


Hello,

Ladies and gentlemen: the story you are about to read is true. Only the IPs have been changed to protect the innocent.

x.x.x.x is my public IP
y.y.y.y is the firewall public IP
z.z.z.z is my private IP

I am having an issue creating a VPN between my Windows 7 Enterprise SP1 32-bit machine with Shrew Soft VPN Client ver 2.1.7 and my Juniper SSG-140 ver 6.3.0r9.0.

I followed the procedure http://www.shrew.net/support/wiki/HowtoJuniperSsg and read a bunch of posts about similar issues but I am unable to make it work.

On the firewall I am getting this error message:

Rejected an IKE packet on ethernet0/0 from x.x.x.x:500 to y.y.y.y:500 with cookies 0568dc4dfbfdf45c and 0000000000000000 because an initial Phase 1 packet arrived from an unrecognized peer gateway.

And this is my Iked.log:
12/03/09 07:44:45 ## : IKE Daemon, ver 2.1.7
12/03/09 07:44:45 ## : Copyright 2010 Shrew Soft Inc.
12/03/09 07:44:45 ## : This product linked OpenSSL 0.9.8h 28 May 2008
12/03/09 07:44:45 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
12/03/09 07:44:45 ii : rebuilding vnet device list ...
12/03/09 07:44:45 ii : device ROOT\VNET\0000 disabled
12/03/09 07:44:45 ii : network process thread begin ...
12/03/09 07:44:45 ii : pfkey process thread begin ...
12/03/09 07:44:45 ii : ipc server process thread begin ...
12/03/09 07:44:56 ii : ipc client process thread begin ...
12/03/09 07:44:56 <A : peer config add message
12/03/09 07:44:56 DB : peer added ( obj count = 1 )
12/03/09 07:44:56 ii : local address z.z.z.z.86 selected for peer
12/03/09 07:44:56 DB : tunnel added ( obj count = 1 )
12/03/09 07:44:56 <A : proposal config message
12/03/09 07:44:56 <A : proposal config message
12/03/09 07:44:56 <A : client config message
12/03/09 07:44:56 <A : xauth username message
12/03/09 07:44:56 <A : xauth password message
12/03/09 07:44:56 <A : local id 'user.corp.net' message
12/03/09 07:44:56 <A : remote id 'vpngw.corp.net' message
12/03/09 07:44:56 <A : preshared key message
12/03/09 07:44:56 <A : remote resource message
12/03/09 07:44:56 <A : peer tunnel enable message
12/03/09 07:44:56 DB : new phase1 ( ISAKMP initiator )
12/03/09 07:44:56 DB : exchange type is aggressive
12/03/09 07:44:56 DB : z.z.z.z.86:500 <-> y.y.y.y:500
12/03/09 07:44:56 DB : 48395a78f6d2e09f:0000000000000000
12/03/09 07:44:56 DB : phase1 added ( obj count = 1 )
12/03/09 07:44:56 >> : security association payload
12/03/09 07:44:56 >> : - proposal #1 payload
12/03/09 07:44:56 >> : -- transform #1 payload
12/03/09 07:44:56 >> : key exchange payload
12/03/09 07:44:56 >> : nonce payload
12/03/09 07:44:56 >> : identification payload
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports XAUTH
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports nat-t ( draft v00 )
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports nat-t ( draft v01 )
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports nat-t ( draft v02 )
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports nat-t ( draft v03 )
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports nat-t ( rfc )
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports FRAGMENTATION
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports DPDv1
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local is SHREW SOFT compatible
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local is NETSCREEN compatible
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local is SIDEWINDER compatible
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local is CISCO UNITY compatible
12/03/09 07:44:56 >= : cookies 48395a78f6d2e09f:0000000000000000
12/03/09 07:44:56 >= : message 00000000
12/03/09 07:44:56 -> : send IKE packet z.z.z.z.86:500 -> y.y.y.y:500 ( 535 bytes )
12/03/09 07:44:56 DB : phase1 resend event scheduled ( ref count = 2 )
12/03/09 07:45:01 -> : resend 1 phase1 packet(s) z.z.z.z.86:500 -> y.y.y.y:500
12/03/09 07:45:06 -> : resend 1 phase1 packet(s) z.z.z.z.86:500 -> y.y.y.y:500
12/03/09 07:45:11 -> : resend 1 phase1 packet(s) z.z.z.z.86:500 -> y.y.y.y:500
12/03/09 07:45:16 ii : resend limit exceeded for phase1 exchange
12/03/09 07:45:16 ii : phase1 removal before expire time
12/03/09 07:45:16 DB : phase1 deleted ( obj count = 0 )
12/03/09 07:45:16 DB : policy not found
12/03/09 07:45:16 DB : policy not found
12/03/09 07:45:16 DB : policy not found
12/03/09 07:45:16 DB : policy not found
12/03/09 07:45:16 DB : policy not found
12/03/09 07:45:16 DB : policy not found
12/03/09 07:45:16 DB : tunnel stats event canceled ( ref count = 2 )
12/03/09 07:45:16 DB : removing tunnel config references
12/03/09 07:45:16 DB : removing tunnel phase2 references
12/03/09 07:45:16 DB : removing tunnel phase1 references
12/03/09 07:45:16 DB : removing all peer tunnel refrences
12/03/09 07:45:16 ii : ipc client process thread exit ...
12/03/09 07:45:16 DB : tunnel deleted ( obj count = 0 )
12/03/09 07:45:16 DB : peer deleted ( obj count = 0 )
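
An added triage example, not part of the original post and not Shrew Soft or Juniper code: it summarizes one phase 1 attempt from iked.log text and checks whether a firewall event refers to the same attempt by comparing initiator cookies. The function names are hypothetical, the sample input is constructed from lines quoted in the post, and the `<-` tag for inbound packets is an assumption.

```python
import re

# Sample input constructed from lines shown in the post (addresses stay masked).
IKED_LOG = """\
12/03/09 07:44:56 <A : local id 'user.corp.net' message
12/03/09 07:44:56 <A : remote id 'vpngw.corp.net' message
12/03/09 07:44:56 DB : exchange type is aggressive
12/03/09 07:44:56 >= : cookies 48395a78f6d2e09f:0000000000000000
12/03/09 07:44:56 -> : send IKE packet z.z.z.z.86:500 -> y.y.y.y:500 ( 535 bytes )
12/03/09 07:45:01 -> : resend 1 phase1 packet(s) z.z.z.z.86:500 -> y.y.y.y:500
12/03/09 07:45:06 -> : resend 1 phase1 packet(s) z.z.z.z.86:500 -> y.y.y.y:500
12/03/09 07:45:11 -> : resend 1 phase1 packet(s) z.z.z.z.86:500 -> y.y.y.y:500
12/03/09 07:45:16 ii : resend limit exceeded for phase1 exchange
"""
FIREWALL_EVENT = ("Rejected an IKE packet on ethernet0/0 from x.x.x.x:500 to y.y.y.y:500 "
                  "with cookies 0568dc4dfbfdf45c and 0000000000000000 because an initial "
                  "Phase 1 packet arrived from an unrecognized peer gateway.")

LINE = re.compile(r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d (\S\S) : (.*)$")

def summarize_phase1(log_text):
    """Collect the facts of one phase 1 attempt from iked.log text."""
    s = {"exchange": None, "local_id": None, "remote_id": None, "cookie": None,
         "sent": 0, "resent": 0, "received": 0, "timed_out": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip banner or wrapped lines
        tag, msg = m.groups()
        if x := re.match(r"exchange type is (\w+)", msg):
            s["exchange"] = x.group(1)
        elif x := re.match(r"(local|remote) id '([^']*)'", msg):
            s[x.group(1) + "_id"] = x.group(2)
        elif tag == ">=" and (x := re.match(r"cookies ([0-9a-f]{16}):", msg)):
            s["cookie"] = x.group(1)  # initiator cookie of this attempt
        elif tag == "->" and msg.startswith("send IKE packet"):
            s["sent"] += 1
        elif tag == "->" and (x := re.match(r"resend (\d+) phase1", msg)):
            s["resent"] += int(x.group(1))
        elif tag == "<-":  # assumption: inbound packets are tagged "<-"
            s["received"] += 1
        elif msg.startswith("resend limit exceeded for phase1"):
            s["timed_out"] = True
    # Timed out with nothing received: the peer never answered this attempt.
    s["peer_silent"] = s["timed_out"] and s["received"] == 0
    return s

def same_attempt(summary, firewall_event):
    """True if the firewall event carries this attempt's initiator cookie."""
    m = re.search(r"with cookies ([0-9a-f]{16}) and", firewall_event)
    return bool(m) and m.group(1) == summary["cookie"]
```

On the values quoted in the post, `same_attempt` returns False: the firewall event carries initiator cookie 0568dc4dfbfdf45c while this iked.log run used 48395a78f6d2e09f, so the two excerpts come from different connection attempts.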