On Mon, 10 May 2010 15:14:26 -0600 Nick Nyberg <[email protected]> wrote:
> From the firewall > I can see the error message: > > Rejected an IKE packet on ethernet3 from 63.229.228.145:1933 to > 63.253.251.138:500 with cookies 5258772399d01271 and 89bc291a23a99798 > because there were no acceptable Phase 1 proposals. > > The only thing that has changed is the firmware on the router. I > recently upgraded to 5.4.0r15.0 (Firewall+VPN) on the Netscreen 25. > > My questions: > 1.) Can anyone else confirm that the Netscreen 5.4.0r15.0 broke > there dial-up VPN? 2.) Any idea how to reestablish connectivity? > 3.) I found the trouble ticket ID: Ticket #3752 (reopened defect) - > I would like to note that I have the same issue on Windows 7, x64 > even running Head development 2.2.0-alpha-9. > Hi Nick, there's also a 5.4.0r16 available and the release notes do reference a fix for a phase 1 negotiation problem. Have you checked to see if this problem also affects the Juniper NetScreen-Remote client? Secondly, I had a similar problem for a while when first trying to setup Shrew to Juniper (on ScreenOS 6.1), and I think I solved it by *not* specifying all the Phase 1 details in the Shrew configuration. I just left the Cipher and Hash on auto in the Phase 1 tab, and I left Remote Identity set to IP Address and checked Use a discovered remote host address on the Authentication tab. I could only find "Shrew' and ticket "3752" in reference to a DNS resolution problem reported on VirtualBox (which references Shrew Ticket #6). This does not seem to be the same problem at all. _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
