[vpn-help] Proposal that works with Juniper SRX100?

Loris Modenese l.modenese at gmail.com
Sat Jan 26 10:56:47 CST 2013


On 25/01/2013 03:44, Kevin VPN wrote:
> On 09/05/2012 02:30 PM, Allen Klein wrote:
>> Hi,
>>
>> Anybody get a shared ike config (with XAUTH) working with an SRX box?
>> If so, perhaps you can send me your connection file? Or for that
>> matter, any config with an SRX and Shrewsoft client?
>>
>
> Hi Allen,
>
> I don't know if you managed to get your SRX working, but if you 
> haven't, maybe this post will help explain why it's so hard:
> https://lists.shrew.net/pipermail/vpn-help/2012-December/014091.html
>
Hi Kevin,

I have several Juniper SRX firewalls in a datacenter and I found that the
disconnecting problem is not related to the modeconfig handshaking but
to the NAT traversal implementation (I have debugged the 2.2 version
of your vpn client with Eclipse on CentOS 6.2). It looks like the SRX
keeps on asking "The NAT translation infos are incomplete, resend me the
data". It runs the loop 5 times, then it closes the connection.
I've done a simple test with the 2.1.7 and 2.2rc versions and both are
working IF the NAT traversal option in the client is DISABLED and you
have a public IP address assigned on your computer (not very common) OR
you have a natted address behind a router with the IPSEC passthrough
protocol ENABLED.

Hope this helps.

Regards.

Loris

