<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi,<br>
<br>
I am setting up an IKE VPN gateway to a Juniper SSX series firewall.
The connection is now working; however, I carried out the initial work
on my notebook. This failed to connect and at no point showed any
record in the logs of the Juniper of attempting a connection. After
much work debugging, I tried a different machine and this connected
correctly first time (using the same Internet gateway).<br>
<br>
The symptom is that Shrewsoft appears to install correctly (I have
tried this two or three times and rebooted each time) but times out
on the initial phase 1 key sending. It would appear that something
is preventing it from connecting. I have disabled both the Windows
firewall and the antivirus (AVG).<br>
<br>
The workstation is running Windows 7 Pro (32 bit) and I am using the
2.1.7 version of Shrewsoft. The other machine is in fact Windows 7
Home (32 bit) and worked correctly with the same Shrewsoft version.<br>
<br>
Although my problem has been resolved (by using a different
workstation), I am concerned that I may encounter problems when I
deploy the solution to users.<br>
<br>
Detailed below is the log output:-<br>
<br>
<small><tt>11/08/13 11:47:06 ## : IKE Daemon, ver 2.1.7<br>
11/08/13 11:47:06 ## : Copyright 2010 Shrew Soft Inc.<br>
11/08/13 11:47:06 ## : This product linked OpenSSL 0.9.8h 28 May
2008<br>
11/08/13 11:47:06 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'<br>
11/08/13 11:47:06 ii : rebuilding vnet device list ...<br>
11/08/13 11:47:06 ii : device ROOT\VNET\0000 disabled<br>
11/08/13 11:47:06 ii : network process thread begin ...<br>
11/08/13 11:47:06 ii : ipc server process thread begin ...<br>
11/08/13 11:47:06 ii : pfkey process thread begin ...<br>
11/08/13 11:47:28 ii : ipc client process thread begin ...<br>
11/08/13 11:47:28 &lt;A : peer config add message<br>
11/08/13 11:47:28 DB : peer added ( obj count = 1 )<br>
11/08/13 11:47:28 ii : local address 192.168.95.101 selected for
peer<br>
11/08/13 11:47:28 DB : tunnel added ( obj count = 1 )<br>
11/08/13 11:47:28 &lt;A : proposal config message<br>
11/08/13 11:47:28 &lt;A : proposal config message<br>
11/08/13 11:47:28 &lt;A : client config message<br>
11/08/13 11:47:28 &lt;A : xauth username message<br>
11/08/13 11:47:28 &lt;A : xauth password message<br>
11/08/13 11:47:28 &lt;A : local id 'client.pivotss.net' message<br>
11/08/13 11:47:28 &lt;A : remote id 'vpngw.pivotss.net' message<br>
11/08/13 11:47:28 &lt;A : preshared key message<br>
11/08/13 11:47:28 &lt;A : remote resource message<br>
11/08/13 11:47:28 &lt;A : peer tunnel enable message<br>
11/08/13 11:47:28 DB : new phase1 ( ISAKMP initiator )<br>
11/08/13 11:47:28 DB : exchange type is aggressive<br>
11/08/13 11:47:28 DB : 192.168.95.101:500 <->
212.46.132.226:500<br>
11/08/13 11:47:28 DB : 239bc090b5ec1ce4:0000000000000000<br>
11/08/13 11:47:28 DB : phase1 added ( obj count = 1 )<br>
11/08/13 11:47:28 >> : security association payload<br>
11/08/13 11:47:28 >> : - proposal #1 payload <br>
11/08/13 11:47:28 >> : -- transform #1 payload <br>
11/08/13 11:47:28 >> : -- transform #2 payload <br>
11/08/13 11:47:28 >> : -- transform #3 payload <br>
11/08/13 11:47:28 >> : -- transform #4 payload <br>
11/08/13 11:47:28 >> : -- transform #5 payload <br>
11/08/13 11:47:28 >> : -- transform #6 payload <br>
11/08/13 11:47:28 >> : -- transform #7 payload <br>
11/08/13 11:47:28 >> : -- transform #8 payload <br>
11/08/13 11:47:28 >> : -- transform #9 payload <br>
11/08/13 11:47:28 >> : -- transform #10 payload <br>
11/08/13 11:47:28 >> : -- transform #11 payload <br>
11/08/13 11:47:28 >> : -- transform #12 payload <br>
11/08/13 11:47:28 >> : -- transform #13 payload <br>
11/08/13 11:47:28 >> : -- transform #14 payload <br>
11/08/13 11:47:28 >> : -- transform #15 payload <br>
11/08/13 11:47:28 >> : -- transform #16 payload <br>
11/08/13 11:47:28 >> : -- transform #17 payload <br>
11/08/13 11:47:28 >> : -- transform #18 payload <br>
11/08/13 11:47:28 >> : key exchange payload<br>
11/08/13 11:47:28 >> : nonce payload<br>
11/08/13 11:47:28 >> : identification payload<br>
11/08/13 11:47:28 >> : vendor id payload<br>
11/08/13 11:47:28 ii : local supports XAUTH<br>
11/08/13 11:47:28 >> : vendor id payload<br>
11/08/13 11:47:28 ii : local supports nat-t ( draft v00 )<br>
11/08/13 11:47:28 >> : vendor id payload<br>
11/08/13 11:47:28 ii : local supports nat-t ( draft v01 )<br>
11/08/13 11:47:28 >> : vendor id payload<br>
11/08/13 11:47:28 ii : local supports nat-t ( draft v02 )<br>
11/08/13 11:47:28 >> : vendor id payload<br>
11/08/13 11:47:28 ii : local supports nat-t ( draft v03 )<br>
11/08/13 11:47:28 >> : vendor id payload<br>
11/08/13 11:47:28 ii : local supports nat-t ( rfc )<br>
11/08/13 11:47:28 >> : vendor id payload<br>
11/08/13 11:47:28 ii : local supports FRAGMENTATION<br>
11/08/13 11:47:28 >> : vendor id payload<br>
11/08/13 11:47:28 ii : local supports DPDv1<br>
11/08/13 11:47:28 >> : vendor id payload<br>
11/08/13 11:47:28 ii : local is SHREW SOFT compatible<br>
11/08/13 11:47:28 >> : vendor id payload<br>
11/08/13 11:47:28 ii : local is NETSCREEN compatible<br>
11/08/13 11:47:28 >> : vendor id payload<br>
11/08/13 11:47:28 ii : local is SIDEWINDER compatible<br>
11/08/13 11:47:28 >> : vendor id payload<br>
11/08/13 11:47:28 ii : local is CISCO UNITY compatible<br>
11/08/13 11:47:28 >= : cookies
239bc090b5ec1ce4:0000000000000000<br>
11/08/13 11:47:28 >= : message 00000000<br>
11/08/13 11:47:28 -> : send IKE packet 192.168.95.101:500
-> 212.46.132.226:500 ( 1194 bytes )<br>
11/08/13 11:47:29 DB : phase1 resend event scheduled ( ref count
= 2 )<br>
11/08/13 11:47:34 -> : resend 1 phase1 packet(s)
192.168.95.101:500 -> 212.46.132.226:500<br>
11/08/13 11:47:39 -> : resend 1 phase1 packet(s)
192.168.95.101:500 -> 212.46.132.226:500<br>
11/08/13 11:47:44 -> : resend 1 phase1 packet(s)
192.168.95.101:500 -> 212.46.132.226:500<br>
11/08/13 11:47:49 ii : resend limit exceeded for phase1 exchange<br>
11/08/13 11:47:49 ii : phase1 removal before expire time<br>
11/08/13 11:47:49 DB : phase1 deleted ( obj count = 0 )<br>
11/08/13 11:47:49 DB : policy not found<br>
11/08/13 11:47:49 DB : policy not found<br>
11/08/13 11:47:49 DB : policy not found<br>
11/08/13 11:47:49 DB : policy not found<br>
11/08/13 11:47:49 DB : policy not found<br>
11/08/13 11:47:49 DB : policy not found<br>
11/08/13 11:47:49 DB : tunnel stats event canceled ( ref count =
1 )<br>
11/08/13 11:47:49 DB : removing tunnel config references<br>
11/08/13 11:47:49 DB : removing tunnel phase2 references<br>
11/08/13 11:47:49 DB : removing tunnel phase1 references<br>
11/08/13 11:47:49 DB : tunnel deleted ( obj count = 0 )<br>
11/08/13 11:47:49 DB : removing all peer tunnel refrences<br>
11/08/13 11:47:49 DB : peer deleted ( obj count = 0 )<br>
11/08/13 11:47:49 ii : ipc client process thread exit ...</tt></small><br>
<br>
<br>
192.168.95.101 is my local (NAT) IP address.<br>
<br>
Any help would be appreciated.<br>
<br>
David<br>
Dragonnet<br>
<br>
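Added example, not part of the original post and not Shrew Soft code: a small triage script for an iked.log like the one above, which counts the phase 1 packets sent and received and classifies the timeout. The sample lines are constructed from the format in the post, and the "recv IKE packet" marker for inbound packets is an assumption, since no inbound line appears in the posted log.<br>

```python
import re

# Constructed sample in the iked.log format shown in the post (lines unwrapped).
SAMPLE_LOG = """\
11/08/13 11:47:28 DB : exchange type is aggressive
11/08/13 11:47:28 -> : send IKE packet 192.168.95.101:500 -> 212.46.132.226:500 ( 1194 bytes )
11/08/13 11:47:34 -> : resend 1 phase1 packet(s) 192.168.95.101:500 -> 212.46.132.226:500
11/08/13 11:47:39 -> : resend 1 phase1 packet(s) 192.168.95.101:500 -> 212.46.132.226:500
11/08/13 11:47:44 -> : resend 1 phase1 packet(s) 192.168.95.101:500 -> 212.46.132.226:500
11/08/13 11:47:49 ii : resend limit exceeded for phase1 exchange
"""

LINE = re.compile(r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d (\S\S) : (.*)$")
SEND = re.compile(r"send IKE packet (\S+) -> (\S+) \( (\d+) bytes \)")
RESEND = re.compile(r"resend (\d+) phase1 packet\(s\)")
EXCHANGE = re.compile(r"exchange type is (\w+)")


def triage_phase1(log_text):
    """Summarise one phase 1 attempt and classify how it ended."""
    r = {"exchange": None, "local": None, "peer": None, "first_bytes": None,
         "sent": 0, "resent": 0, "received": 0, "timed_out": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped continuations and non-log text
        msg = m.group(2)
        if (s := SEND.search(msg)):
            r["sent"] += 1
            if r["first_bytes"] is None:
                r["local"], r["peer"] = s.group(1), s.group(2)
                r["first_bytes"] = int(s.group(3))
        elif (s := RESEND.search(msg)):
            r["resent"] += int(s.group(1))
        elif "recv IKE packet" in msg:  # assumed inbound marker, not in the post's log
            r["received"] += 1
        elif "resend limit exceeded for phase1" in msg:
            r["timed_out"] = True
        elif (s := EXCHANGE.search(msg)):
            r["exchange"] = s.group(1)
    if r["timed_out"] and r["received"] == 0 and r["sent"] > 0:
        # The daemon sent packets and saw nothing back: check the path
        # (local filter drivers, NAT gateway, capture at the peer), not the proposal.
        r["verdict"] = "no_reply"
    elif r["timed_out"]:
        r["verdict"] = "reply_seen_then_timeout"
    else:
        r["verdict"] = "no_timeout_logged"
    return r
```

A "no_reply" verdict alongside an empty log on the gateway, as described in the post, points at the packets being dropped between the client's IKE daemon and the peer rather than at a proposal or identity mismatch.<br>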
<br>
</body>
</html>