Hi Jan-Tore, The first thing I would check is that you've set the Shrew client to receive the configuration from the SSG. In the Shrew client Site Configuration, General tab, the "Auto Configuration" field should be set to "ike config push".
If that doesn't solve it, please post your site configuration file so we can compare it to a working config. You can generate the file by exporting the site config. -----Original Message----- From: Jan-Tore Pedersen <[email protected]> Date: Mon, 5 Jul 2010 15:16:40 To: <[email protected]> Subject: Re: [vpn-help] Connection problems to a Juniper SSG5 firewall I have assigned a pool on the policy tab on the client. The connection works fine on the ns-remote client and tje ncp client. But want to use a freeware client with windows 7. I must be doing something wrong on the client. I can post some screenshots of the setup. Thanks Jan-Tore Sendt fra min iPhone Den 5. juli 2010 kl. 15:59 skrev "kevin shrew-vpn " <[email protected]>: > Hi Jan-Tore, > > It looks like you're not providing a virtual IP from the SSG to Shrew > (Client IP Addr 0.0.0.0, IPPool name:). Try defining an IPPool (make sure > it does not overlap with Trust network, it can be any private range) and > assign it to the XAuth Settings for VPN. > > The Howto works well, check your config against it: > Http://www.shrewsoft.com/support/wiki/HowtoJuniperSsg > > -----Original Message----- > From: Jan-Tore Pedersen <[email protected]> > Date: Mon, 5 Jul 2010 08:10:09 > To: <[email protected]>; <[email protected]> > Subject: [vpn-help] Connection problems to a Juniper SSG5 firewall > > Hello guys > > I just upgraded the firmware on the firewall as pr junipers recomendation > and still no luck with getting trough with the shrewsoft vpn client. I get > to phase 2 and then it falls on it's face. Here is the log from the firewall. > > IKE 195.18.140.92: XAuth login was passed for gateway VPN-GW, username > bruker097, retry: 0, Client IP Addr 0.0.0.0, IPPool name: , Session-Timeout: > 0s, Idle-Timeout: 0s. > IKE 195.18.140.92: XAuth login was refreshed for username bruker097 at > 0.0.0.0/0.0.0.0. > Rejected an IKE packet on ethernet0/0 from 195.18.140.92:500 to > 62.92.30.6:500 with cookies 4188b7c824d65185 and ebd1565026b035e7 because A > Phase 2 packet arrived while XAuth was still pending. > IKE 195.18.140.92 Phase 1: Completed Aggressive mode negotiations with a > 28800-second lifetime. > IKE 195.18.140.92 Phase 1: Completed for user bruker097. > IKE 195.18.140.92 phase 1:The symmetric crypto key has been generated > successfully. > IKE 195.18.140.92 Phase 1: Responder starts AGGRESSIVE mode negotiations > > > If anyone has any solutions it would be great. > > Thanks > Jan-Tore Pedersen > Systemkonsulent > Lan-X Øst AS > m:95308035 > >_______________________________________________ > vpn-help mailing list > [email protected] > http://lists.shrew.net/mailman/listinfo/vpn-help > _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
