On Mon, 5 Jul 2010 17:42:02 +0200 "Jan-Tore Pedersen" <[email protected]> wrote:
> Hello Kevin
>
> This is the juniper config, and the vpn client config. If you could
> figure it out it would be great :) I did not set up the firewall. And
> I can't just delete the vpn config and make a new as there are a lot
> of users still on XP using the old NS client.
>

Hi Jan-Tore,

I did find two things that are not correct.

First, there is no ippool defined in the SSG config. That is why the client is not getting an IP, and is probably why Phase 2 is not proceeding because I believe Phase 2 occurs using the IP provided during the XAuth/configuration push step.

Second, you have mis-matched networks defined. In the Shrew profile, you specify a network of xx.xx.xxx.0/24, yet on the SSG the policy you've defined is for ANY, which maps to 0.0.0.0/0.

Shrew:
s:policy-list-include:xx.xx.xxx.0 / 255.255.255.0

SSG:
set policy id 10 from "Untrust" to "Trust" "Dial-Up VPN" "ANY" nat src tunnel vpn "VPN-IKE" id 0x3 log

You will need to fix them so they are the same, otherwise the SSG will complain about being unable to find a matching Phase 2 SA entry.

_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
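An added example, not part of the original message: a small Python check that runs the two findings above (missing ippool, mismatched Phase 2 networks) against a Shrew profile and an SSG config. The sample input is constructed, with 192.0.2.0 standing in for the redacted network; the comma-separated include list and the `set address` / `set ippool` line shapes are assumptions.

```python
import ipaddress
import re

# Constructed sample input modelled on the two lines quoted in the message;
# 192.0.2.0 stands in for the redacted xx.xx.xxx.0 network.
SHREW_PROFILE = "s:policy-list-include:192.0.2.0 / 255.255.255.0\n"
SSG_CONFIG = ('set policy id 10 from "Untrust" to "Trust" "Dial-Up VPN" "ANY" '
              'nat src tunnel vpn "VPN-IKE" id 0x3 log\n')

# Assumed line shapes: the first two quoted names after the zones are the
# source and destination address; address-book entries are 'ip mask' pairs.
POLICY_RE = re.compile(r'set policy id (\d+) from "[^"]+" to "[^"]+" '
                       r'"[^"]+" "([^"]+)".*\btunnel vpn "[^"]+"')
ADDRESS_RE = re.compile(r'set address "[^"]+" "([^"]+)" ([\d.]+) ([\d.]+)')

def shrew_networks(profile):
    """Networks in s:policy-list-include (assumed comma-separated 'net / mask')."""
    nets = set()
    for line in profile.splitlines():
        if line.startswith("s:policy-list-include:"):
            for item in line.split(":", 2)[2].split(","):
                net, mask = (part.strip() for part in item.split("/"))
                nets.add(ipaddress.ip_network(f"{net}/{mask}"))
    return nets

def ssg_selectors(config):
    """Map policy id -> destination network for every tunnel policy."""
    lines = [line.strip() for line in config.splitlines()]
    book = {"ANY": ipaddress.ip_network("0.0.0.0/0")}  # ANY maps to 0.0.0.0/0
    for m in filter(None, map(ADDRESS_RE.match, lines)):
        book[m.group(1).upper()] = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
    return {int(m.group(1)): book[m.group(2).upper()]
            for m in filter(None, map(POLICY_RE.match, lines))
            if m.group(2).upper() in book}

def audit(profile, config):
    """Return the findings from the message that apply to this pair of configs."""
    findings = []
    if not any(l.strip().startswith("set ippool ") for l in config.splitlines()):
        findings.append("no ippool defined on the SSG")
    client = sorted(map(str, shrew_networks(profile)))
    for pid, net in sorted(ssg_selectors(config).items()):
        if str(net) not in client:
            findings.append(f"policy {pid}: SSG {net} vs Shrew {client}")
    return findings

if __name__ == "__main__":
    for finding in audit(SHREW_PROFILE, SSG_CONFIG):
        print(finding)
```

An empty list from `audit` means an ippool line is present and every tunnel policy's destination network also appears in the Shrew include list.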
