[vpn-help] Phase 2 failing with Juniper SSG140
Kevin VPN
kvpn at live.com
Thu Nov 14 21:46:06 CST 2013
On 08/14/2013 03:22 PM, Drew Majewski wrote:
> Hi Kevin,
>
>
>
> Sorry for the late response but I just double checked and tried all of the
> Phase 2 settings but I get the same result:
>
> Here are the Phase 2 proposals that I use:
> nopfs-esp-3des-md5
> nopfs-esp-3des-sha
> nopfs-esp-aes128-sha
> nopfs-esp-aes128-md5
>
> In the Shrew 2.2.0 client I test with I tried a few different combination
> of options but none of them work:
>
> Transform Algorithm: esp-3des
> HMAC Algorithm: sha1
> PFS Exchange: disabled
>
> Transform Algorithm: esp-3des
> HMAC Algorithm: md5
> PFS Exchange: disabled
>
> Transform Algorithm: esp-aes
> Transform Key Length: 128
> HMAC Algorithm: sha1
> PFS Exchange: disabled
>
> Transform Algorithm: esp-aes
> Transform Key Length: 128
> HMAC Algorithm: md5
> PFS Exchange: disabled
>
> On all of the tests above I get the same issue. Shrew connects, tunnel
> enables, grabs VPN IP, can't ping anything and then Shrew just disconnects
> and logs in Juniper about Phase 2.
>
> 2013-08-14 15:08:54 info IKE x.x.x.x Phase 2
> msg ID 61aceddd: Negotiations have failed.
>
> 2013-08-14 15:08:54 info IKE x.x.x.x Phase 2
> msg ID 61aceddd: Negotiations have failed for user *****.
>
>
Hi Drew,
I'm very sorry for the late response, I've been away for a while.
Are you still having this issue? If so, can you provide the complete
Juniper logs (all the IKE, Phase 1 and Phase 2 entries) as well as a
debug trace from Shrew?
Debug trace instructions:
https://www.shrew.net/support/VPN_Bug_Report_Windows
More information about the vpn-help
mailing list