
<html>

<head>

<style><!--

.hmmessage P

{

margin:0px;

padding:0px

}

body.hmmessage

{

font-size: 12pt;

font-family:Calibri

}

--></style></head>

<body class='hmmessage'><div dir='ltr'>Hi Willem,<br><br>If you install Shrewsoft 2.1.7 client ( It's officially not supported ) and try it agian. <BR>Does it pass any traffic then?<br><br><BR><div>

<BR>

<div class="ecxWordSection1">

<div>

<div style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(181, 196, 223) currentColor currentColor; padding: 3pt 0cm 0cm;">

<p class="ecxMsoNormal"><b><span style='font-family: "Tahoma","sans-serif"; font-size: 10pt;'>Van:</span></b><span style='font-family: "Tahoma","sans-serif"; font-size: 10pt;'> vpn-help-bounces@lists.shrew.net [mailto:vpn-help-bounces@lists.shrew.net]

<b>Namens </b>Willem Kutschruiter<br>

<b>Verzonden:</b> zondag 30 juni 2013 15:00<br>

<b>Aan:</b> vpn-help@lists.shrew.net<br>

<b>Onderwerp:</b> [vpn-help] VPN client does not work with Netscreen 5GT 6.2.0r11.0</span></p>

</div>

</div>

<p class="ecxMsoNormal"> </p>

<p class="ecxMsoNormal"><span lang="EN-GB">LS,</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB"> </span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">I would appreciate some help..</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB"> </span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">Im using Shrewsoft VPN client version 2.2.1 on windows 8 to connect to a netscreen 5Gt running version 6.2.0r11.0.</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB"> </span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">I can get it to work. </span><span lang="EN-GB" style="font-family: Wingdings;">L</span><span lang="EN-GB">.. It connects but it does not passes any traffic.</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB"> </span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">I have looked and configured as stated on the following links:</span></p>

<p class="ecxMsoNormal"><a href="https://www.shrew.net/support/Howto_Juniper_SSG" target="_blank"><span lang="EN-GB">https://www.shrew.net/support/Howto_Juniper_SSG</span></a></p>

<p class="ecxMsoNormal"><a href="http://www.the-internet-guy.com/pdf/Juniper_firewall_setup_for_Shrewsoft_VPN_connectivity.pdf" target="_blank">http://www.the-internet-guy.com/pdf/Juniper_firewall_setup_for_Shrewsoft_VPN_connectivity.pdf</a></p>

<p class="ecxMsoNormal"><a href="http://www.the-internet-guy.com/pdf/Shrew_VPN_Client_Setup_for_Juniper_Connectivity.pdf" target="_blank">http://www.the-internet-guy.com/pdf/Shrew_VPN_Client_Setup_for_Juniper_Connectivity.pdf</a></p>

<p class="ecxMsoNormal"><a href="http://kb.juniper.net/InfoCenter/index?page=content&id=KB22074" target="_blank">http://kb.juniper.net/InfoCenter/index?page=content&id=KB22074</a></p>

<p class="ecxMsoNormal"><a href="http://kb.juniper.net/InfoCenter/index?page=content&id=KB15272" target="_blank">http://kb.juniper.net/InfoCenter/index?page=content&id=KB15272</a></p>

<p class="ecxMsoNormal"><b> </b></p>

<p class="ecxMsoNormal"> </p>

<p class="ecxMsoNormal"><span lang="EN-GB">furthermore I have done a lot of debugging with no positive results.</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB"> </span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">Below the configs.. I have deleted or modified any info which could breach our security.</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">The config of the shrewsoft client side.</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB"> </span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:version:4</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:network-ike-port:500</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:network-mtu-size:1380</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:client-addr-auto:1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:network-natt-port:4500</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:network-natt-rate:15</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:network-frag-size:540</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:network-dpd-enable:0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:client-banner-enable:0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:network-notify-enable:0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:client-dns-used:1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:client-dns-auto:1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:client-dns-suffix-auto:1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:client-splitdns-used:1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:client-splitdns-auto:1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:client-wins-used:1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:client-wins-auto:1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:phase1-dhgroup:2</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:phase1-life-secs:28800</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:phase1-life-kbytes:0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:vendor-chkpt-enable:0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:phase2-life-secs:3600</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:phase2-life-kbytes:0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:policy-nailed:0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:policy-list-auto:0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:phase1-keylen:128</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:phase2-keylen:128</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:network-host:x.x.x.114</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:client-auto-mode:push</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:client-iface:virtual</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:network-natt-mode:enable</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:network-frag-mode:enable</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:auth-method:mutual-psk-xauth</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:ident-client-type:ufqdn</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:ident-server-type:fqdn</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:ident-client-data:user@domain.yy</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:ident-server-data:aa.bb.cc</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">b:auth-mutual-psk:MmcwMEQyYmU=</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:phase1-exchange:aggressive</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:phase1-cipher:3des</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:phase1-hash:sha1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:phase2-transform:auto</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:phase2-hmac:auto</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:ipcomp-transform:disabled</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">n:phase2-pfsgroup:-1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:policy-level:auto</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">s:policy-list-include:192.168.30.0 / 255.255.255.0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB"> </span></p>

<p class="ecxMsoNormal"><span lang="EN-GB"> </span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">the config off the netscreen 5gt..</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB"> </span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">FW-Polen-> get config</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">Total Config size 10407:</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset key protection enable</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set clock ntp</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set clock timezone 1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set clock dst recurring start-weekday 3 0 3 02:00 end-weekday 3 0 10 02:00</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vrouter trust-vr sharable</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vrouter "untrust-vr"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vrouter "trust-vr"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset auto-route-export</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set alg appleichat enable</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset alg appleichat re-assembly enable</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set alg sctp enable</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set auth-server "Local" id 0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set auth-server "Local" server-name "Local"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set auth default auth server "Local"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set auth radius accounting port 1646</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set admin name "support"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set admin password "nNx2MBrLIXzOcHAP8sJHT7CtbCGjCn"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set admin manager-ip x.x.0.0 255.255.0.0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set admin manager-ip x.x.x.x 255.255.255.224</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set admin auth web timeout 10</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set admin auth server "Local"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set admin format dos</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "Trust" vrouter "trust-vr"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "Untrust" vrouter "trust-vr"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "VLAN" vrouter "trust-vr"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "Untrust-Tun" vrouter "trust-vr"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "Trust" tcp-rst</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset zone "Untrust" block</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset zone "Untrust" tcp-rst</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "MGT" block</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset zone "V1-Trust" tcp-rst</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset zone "V1-Untrust" tcp-rst</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "VLAN" tcp-rst</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "Untrust" screen tear-drop</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "Untrust" screen syn-flood</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "Untrust" screen ping-death</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "Untrust" screen ip-filter-src</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "Untrust" screen land</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "V1-Untrust" screen tear-drop</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "V1-Untrust" screen syn-flood</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "V1-Untrust" screen ping-death</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "V1-Untrust" screen ip-filter-src</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set zone "V1-Untrust" screen land</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface "trust" zone "Trust"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface "untrust" zone "Untrust"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface "tunnel.1" zone "Untrust"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset interface vlan1 ip</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface trust ip 192.168.30.252/24</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface trust nat</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface untrust ip x.x.x.114/30</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface untrust route</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface tunnel.1 ip unnumbered interface untrust</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset interface vlan1 bypass-others-ipsec</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset interface vlan1 bypass-non-ip</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset interface vlan1 bypass-ipv6-others-ipsec</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface vlan1 bypass-icmpv6-ndp</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface vlan1 bypass-icmpv6-mld</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset interface vlan1 bypass-icmpv6-mrd</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset interface vlan1 bypass-icmpv6-msp</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface vlan1 bypass-icmpv6-snd</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface trust ip manageable</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface untrust ip manageable</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface untrust manage ping</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface untrust manage ssh</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface untrust manage web</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface untrust vip interface-ip 25 "MAIL" 192.168.1.1 manual</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface trust dhcp server service</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface trust dhcp server auto</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface trust dhcp server option lease 360</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set interface trust dhcp server ip 192.168.30.10 to 192.168.30.100</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset interface trust dhcp server config next-server-ip</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set flow tcp-mss 1300</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set flow path-mtu</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset flow tcp-syn-check</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset flow tcp-syn-bit-check</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set flow reverse-route clear-text prefer</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set flow reverse-route tunnel always</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set domain polen.local</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set hostname FW-Polen</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set dbuf usb filesize 0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set pki authority default scep mode "auto"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set pki x509 default cert-path partial</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set dns host dns1 192.168.1.1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set dns host schedule 06:28</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set address "Trust" "LAN_Local" 192.168.30.0 255.255.255.0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set address "Untrust" "192.168.255.0/24" 192.168.255.0 255.255.255.0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set address "Untrust" "Internet LAN" k.l.m.173 255.255.255.252

</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set address "Untrust" "Internet Router" k.l.m.173 255.255.255.255

</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set address "Untrust" "LAN_Remote1" 192.168.1.0 255.255.255.0

</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set address "Untrust" "LAN_Remote2" 192.168.10.0 255.255.255.0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ippool "shrew-Pool" 192.168.255.10 192.168.255.20</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "Erik" uid 2</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "Erik" ike-id u-fqdn "<a href="mailto:user@domain.xx">user@domain.xx</a>" share-limit 1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "Erik" type ike</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "Erik" "enable"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "Martin" uid 4</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "Martin" ike-id u-fqdn "<a href="mailto:user@domain.yy">user@domain.yy</a>" share-limit 1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "Martin" type ike</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "Martin" "enable"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "Shrew-vpn-user" uid 3</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "Shrew-vpn-user" ike-id u-fqdn "<a href="mailto:user@domain.yy">user@domain.yy</a>" share-limit 1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "Shrew-vpn-user" type ike</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "Shrew-vpn-user" "enable"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "willem" uid 7</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "willem" type xauth</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "willem" remote ippool "shrew-Pool"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "willem" password "JC0Ja8qyNJpwmssZ11CcReMzGlnSWZz1Jg=="</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset user "willem" type auth</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user "willem" "enable"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user-group "Shrew-VPN-Users" id 3</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user-group "Shrew-VPN-Users" user "Shrew-vpn-user"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user-group "VPN-Users" id 1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user-group "VPN-Users" user "Erik"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set user-group "VPN-Users" user "Martin"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set crypto-policy</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "Gateway for LAN_Remote1" address k.l.m.174 Main outgoing-interface "untrust" preshare "zd/EX7JdNV+6ktsdzfC/5wmx/9nBVvDh6w==" sec-level compatible</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "Gateway for LAN_Remote1" nat-traversal</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "Gateway for LAN_Remote1" nat-traversal udp-checksum</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "Gateway for LAN_Remote1" nat-traversal keepalive-frequency 5</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "GW_vpn-user" dialup "VPN-Users" Aggr local-id "GW_vpn-user" outgoing-interface "untrust" preshare "KnhedI6qNvbKv1s+8zCiscjFEjn/V6Y2DA==" proposal "pre-g2-3des-sha" "pre-g2-3des-md5"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset ike gateway "GW_vpn-user" nat-traversal udp-checksum</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "GW_vpn-user" nat-traversal keepalive-frequency 5</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "Gateway for LAN_Remote2" address 0.0.0.0 id "Waldheim" Aggr local-id "Polen" outgoing-interface "untrust" preshare "qy7AixgQNWCzossSZlCIaTfix8nlznNHpQ==" sec-level compatible</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset ike gateway "Gateway for LAN_Remote2" nat-traversal udp-checksum</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "Gateway for LAN_Remote2" nat-traversal keepalive-frequency 5</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "shrew-vpn-gateway" dialup "Shrew-VPN-Users" Aggr local-id "aa.bb.cc" outgoing-interface "untrust" preshare "aXe1Ag/hNyCAtns/3KC1vMPOumnB6zMGag==" proposal "pre-g2-3des-sha"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "shrew-vpn-gateway" dpd-liveness interval 30</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset ike gateway "shrew-vpn-gateway" nat-traversal udp-checksum</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "shrew-vpn-gateway" nat-traversal keepalive-frequency 20</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "shrew-vpn-gateway" xauth server "Local"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset ike gateway "shrew-vpn-gateway" xauth do-edipi-auth</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike respond-bad-spi 1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "Gateway for LAN_Remote1" heartbeat hello 60</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "Gateway for LAN_Remote1" heartbeat reconnect 60</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "Gateway for LAN_Remote2" heartbeat hello 60</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike gateway "Gateway for LAN_Remote2" heartbeat reconnect 60</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ike ikev2 ike-sa-soft-lifetime 60</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset ike ikeid-enumeration</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset ike dos-protection</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset ipsec access-session enable</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ipsec access-session maximum 5000</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ipsec access-session upper-threshold 0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ipsec access-session lower-threshold 0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ipsec access-session dead-p2-sa-timeout 0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset ipsec access-session log-error</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset ipsec access-session info-exch-connected</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset ipsec access-session use-error-log</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set xauth default dns1 192.168.30.101</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set xauth default dns2 192.168.30.101</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set xauth default wins1 192.168.30.101</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set xauth default wins2 192.168.30.101</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vpn "Tunnel for LAN_Remote1" gateway "Gateway for LAN_Remote1" no-replay tunnel idletime 0 sec-level compatible</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vpn "Tunnel for LAN_Remote1" monitor</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vpn "tunnel-vpn-user" gateway "GW_vpn-user" replay tunnel idletime 0 proposal "nopfs-esp-3des-sha"  "nopfs-esp-3des-md5"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vpn "tunnel-vpn-user" monitor</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vpn "Tunnel for LAN_Remote2" gateway "Gateway for LAN_Remote2" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"  "g2-esp-3des-md5"  "g2-esp-des-sha"  "g2-esp-des-md5"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vpn "Tunnel for LAN_Remote2" monitor</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vpn "Shrew-Vpn-Tunnel" gateway "shrew-vpn-gateway" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vpn "Shrew-Vpn-Tunnel" monitor</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vpn "Shrew-Vpn-Tunnel" id 0xc bind interface tunnel.1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vrouter "untrust-vr"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vrouter "trust-vr"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set l2tp "WindowsVPN-l2tp" id 1 outgoing-interface untrust keepalive 60</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set url protocol websense</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vpn "Shrew-Vpn-Tunnel" proxy-id local-ip 192.168.30.0/24 remote-ip 255.255.255.255/32 "ANY"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 6 from "Untrust" to "Trust"  "Any-IPv4" "VIP(untrust)" "MAIL" permit log count</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 6 application "SMTP"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 6</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set log session-init</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 1 from "Untrust" to "Trust"  "LAN_Remote1" "LAN_Local" "ANY" tunnel vpn "Tunnel for LAN_Remote1" id 0x5 pair-policy 5 log count traffic mbw 1024</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set log session-init</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 8 name "LAN_Remote2" from "Untrust" to "Trust"  "LAN_Remote2" "LAN_Local" "ANY" tunnel vpn "Tunnel for LAN_Remote2" id 0x8 pair-policy 9 log count traffic mbw 1024</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 8</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 5 from "Trust" to "Untrust"  "LAN_Local" "LAN_Remote1" "ANY" tunnel vpn "Tunnel for LAN_Remote1" id 0x5 pair-policy 1 log count traffic mbw 1024</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 5</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set log session-init</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 9 name "LAN_Remote2" from "Trust" to "Untrust"  "LAN_Local" "LAN_Remote2" "ANY" tunnel vpn "Tunnel for LAN_Remote2" id 0x8 pair-policy 8 log count traffic mbw 1024</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 9</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 0 from "Trust" to "Untrust"  "Any-IPv4" "Any-IPv4" "ANY" permit log count</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 0</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 4 name "vpn-user" from "Untrust" to "Trust"  "Dial-Up VPN IPv4" "LAN_Local" "ANY" tunnel vpn "tunnel-vpn-user" id 0x6 pair-policy 7 log count</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 4</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set log session-init</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 7 name "vpn-user" from "Trust" to "Untrust"  "LAN_Local" "Dial-Up VPN IPv4" "ANY" tunnel vpn "tunnel-vpn-user" id 0x6 pair-policy 4 log count</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 7</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set log session-init</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 10 from "Untrust" to "Trust"  "192.168.255.0/24" "LAN_Local" "ANY" permit log</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set policy id 10</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set log session-init</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set nsmgmt bulkcli reboot-timeout 60</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ssh version v2</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ssh enable</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set config lock timeout 5</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset license-key auto-update</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set telnet client enable</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ntp server "46.19.33.5"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ntp server backup1 "81.171.44.131"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set ntp server backup2 "0.0.0.0"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set modem speed 115200</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set modem retry 3</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set modem interval 10</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set modem idle-time 10</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set snmp name "zetten"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set snmp port listen 161</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set snmp port trap 162</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vrouter "untrust-vr"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vrouter "trust-vr"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">unset add-default-route</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set route 0.0.0.0/0 interface untrust gateway x.x.x.113</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set route 192.168.255.0/24 interface tunnel.1</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vrouter "untrust-vr"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">set vrouter "trust-vr"</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">exit</span></p>

<p class="ecxMsoNormal"><span lang="EN-GB">FW-Polen-></span></p>

<p class="ecxMsoNormal"><span lang="EN-GB"> </span></p>

<p class="ecxMsoNormal"><span style='font-family: "Verdana","sans-serif"; font-size: 10pt;'>Met vriendelijke groet, kind Regards,</span></p>

<p class="ecxMsoNormal"><span style='font-family: "Verdana","sans-serif"; font-size: 10pt;'> </span></p>

<p class="ecxMsoNormal"><span style='font-family: "Verdana","sans-serif"; font-size: 10pt;'>Willem Kutschruiter</span></p>

<p class="ecxMsoNormal"><span style='font-family: "Verdana","sans-serif"; font-size: 10pt;'>+31653229596</span></p>

<p class="ecxMsoNormal"> </p>

</div>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<BR></div>                                    </div></body>

</html>