[vpn-help] Shrew disconnects from Juniper SRX210 after some minutes

[Roper, Andrew]

Jereon,

Are you assigning an IP address to the remote VPN client via Xauth? If so, do you have that scope listed under proxy-arp on the interface that services the local network?

-Andrew

-----Original Message-----
From: vpn-help-bounces at lists.shrew.net [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Jeroen J.A.W. Hermans
Sent: Thursday, April 12, 2012 3:46 PM
To: vpn-help at lists.shrew.net
Subject: Re: [vpn-help] Shrew disconnects from Juniper SRX210 after some minutes

Thank you for your reply. I have checked my config, but DPD was not enabled. I cannot find any keepalive/heartbeat statements in my config (NAT-keepalive is off). The problem remains the same,  also with other users at different remote locations. I feel i have tried all possible options, but nothing seems to work. Are there any other possible options i could try?
Kind regards,

Jeroen Hermans

On 12-4-2012 4:31, Kevin VPN wrote:
> On 04/03/2012 04:09 PM, Jeroen J.A.W. Hermans wrote:
>> I have a problem i have been working on a few weeks now and i don't 
>> seem to be able to get Shrew to work nicely with my Juniper SRX210. 
>> Setting up a VPN to the SRX is not a problem. Phase 1 and 2 are 
>> completed succesfully. I am able to ping to the other netwerk without 
>> any problems, but after about 6 minutes Shrew disconnects (see 
>> tracedump under this mail). I am using a Juniper SRX210 running JunOS 
>> 11.1R1.10 and Shrew VPN 2.2.0. I am using a cabled network and i am 
>> behind a NAT router.
>
> Hi Jeroen,
>
> I would look at the Dead Peer Detection (DPD) or Heartbeat/Keepalive 
> settings, they often have a timeout of 300 seconds (5 minutes).  Try 
> turning DPD or Heartbeat off to see if that changes the problem.
_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net
http://lists.shrew.net/mailman/listinfo/vpn-help