[vpn-help] cant connect client to site over vpn
Kevin VPN
kvpn at live.com
Mon Dec 9 21:47:16 CST 2013
On 12/09/2013 05:03 PM, ariel rodriguez wrote:
> Problem:The VPN client fails to connect to my gateway after
> configuring the juniper and client using
> https://www.shrew.net/support/Howto_Juniper_SSG. A vpn trace produces
> this:
> 13/12/10 08:52:51 >= : cookies f0f1b2e404606bde:0000000000000000
> 13/12/10 08:52:51 >= : message > 00000000
> 13/12/10 08:52:51 -> : send IKE packet 192.168.1.201:500 ->
> xxx.xxx.xxx.xxx:500 ( 1173 bytes )
> 13/12/10 08:52:51 DB : phase1 > resend event scheduled ( ref count = 2 )
> 13/12/10 08:52:56 -> : resend 1 phase1 packet(s) [0/2] 192.168.1.201:500 ->
> xxx.xxx.xxx.xxx:500
>
> This repeats quite a few times,on the juniper the
> log says negotiations have been aborted due to timeout. Ive checked
> the fqdn sting to make sure there correct since other threads have
> said this could be an issue. Also im not sure if this is an issue but
> the network has no WINS server configured so i have left that blank
> in the xauth settings in the juniper.
> VPN Client Version = 2.2.2
> Windows OS Version = Windows 7 pro 64bit
> Gateway Make/Model = Juniper ssg 20Gateway OS Version = 5.4.0 r1
>
Hi Ariel,
Don't worry about WINS, you're not even getting to xauth yet in the
negotiation stage, and it doesn't matter anyway.
Note that there's a typo in the SSG Howto: the IKE Identity on the
Juniper in the vpnclient_ph1id user needs to match the Local Identity on
the Authentication tab in the Shrew site configuration. If you didn't
catch that before, fix that and try the connection again.
If that doesn't fix it, have you got a NAT router in front of your
client machine? Or maybe a firewall that's blocking traffic on port
udp500 to your client machine?
More information about the vpn-help
mailing list