Hi Jan-Tore, It looks like you're not providing a virtual IP from the SSG to Shrew (Client IP Addr 0.0.0.0, IPPool name:). Try defining an IPPool (make sure it does not overlap with Trust network, it can be any private range) and assign it to the XAuth Settings for VPN.
The Howto works well, check your config against it: Http://www.shrewsoft.com/support/wiki/HowtoJuniperSsg -----Original Message----- From: Jan-Tore Pedersen <[email protected]> Date: Mon, 5 Jul 2010 08:10:09 To: <[email protected]>; <[email protected]> Subject: [vpn-help] Connection problems to a Juniper SSG5 firewall Hello guys I just upgraded the firmware on the firewall as pr junipers recomendation and still no luck with getting trough with the shrewsoft vpn client. I get to phase 2 and then it falls on it's face. Here is the log from the firewall. IKE 195.18.140.92: XAuth login was passed for gateway VPN-GW, username bruker097, retry: 0, Client IP Addr 0.0.0.0, IPPool name: , Session-Timeout: 0s, Idle-Timeout: 0s. IKE 195.18.140.92: XAuth login was refreshed for username bruker097 at 0.0.0.0/0.0.0.0. Rejected an IKE packet on ethernet0/0 from 195.18.140.92:500 to 62.92.30.6:500 with cookies 4188b7c824d65185 and ebd1565026b035e7 because A Phase 2 packet arrived while XAuth was still pending. IKE 195.18.140.92 Phase 1: Completed Aggressive mode negotiations with a 28800-second lifetime. IKE 195.18.140.92 Phase 1: Completed for user bruker097. IKE 195.18.140.92 phase 1:The symmetric crypto key has been generated successfully. IKE 195.18.140.92 Phase 1: Responder starts AGGRESSIVE mode negotiations If anyone has any solutions it would be great. Thanks Jan-Tore Pedersen Systemkonsulent Lan-X Øst AS m:95308035 _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
