Hello, at this moment all clients can successfully use NetscreenRemote, but one PC runs Windows 7, and for this PC I plan to use the ShrewSoft VPN client. I am now testing this VPN client, but without success.

The configuration on NetscreenRemote is:

    Connection security: secure
    Remote Party Identing ...
        ID Type: IP subnet
        subnet: 10.200.0.0
        mask: 255.255.255.0
        Protocol: all
        use: Secure Gateway Tunnel
        ID type: IP address x.x.x.x
    My Identity
        ID Type: e-mail address [email protected]
    Security Policy
        aggressive mode
        Enable PFS DH group 5
    phase1
        Preshared Key; Extended Authentication
        Encrypt alg: AES-256
        Hash alg: sha-1
        sa life: unspecified
        Key group: DH group5
    phase2
        sa life: unspecified
        ESP
        Encrypt alg: AES-256
        Hash alg: sha-1
        Encapsulation: Tunnel

On the Shrewsoft VPN client I configured:

    n:version:2
    n:network-ike-port:500
    n:network-mtu-size:1380
    n:client-addr-auto:1
    n:network-natt-port:4500
    n:network-natt-rate:15
    n:network-frag-size:540
    n:network-dpd-enable:1
    n:client-banner-enable:1
    n:network-notify-enable:1
    n:client-wins-used:1
    n:client-wins-auto:1
    n:client-dns-used:1
    n:client-dns-auto:1
    n:client-splitdns-used:1
    n:client-splitdns-auto:1
    n:phase1-dhgroup:5
    n:phase1-keylen:256
    n:phase1-life-secs:28800
    n:phase1-life-kbytes:0
    n:vendor-chkpt-enable:0
    n:phase2-keylen:256
    n:phase2-life-secs:3600
    n:phase2-life-kbytes:0
    n:policy-nailed:1
    n:policy-list-auto:0
    s:client-saved-username:test test
    s:network-host:1.1.1.1
    s:client-auto-mode:push
    s:client-iface:virtual
    s:network-natt-mode:enable
    s:network-frag-mode:enable
    s:auth-method:mutual-psk-xauth
    s:ident-client-type:ufqdn
    s:ident-server-type:any
    s:ident-client-data:[email protected]
    b:auth-mutual-psk:xxxxxx
    s:phase1-exchange:aggressive
    s:phase1-cipher:aes
    s:phase1-hash:sha1
    s:phase2-transform:esp-aes
    s:phase2-hmac:sha1
    s:ipcomp-transform:disabled
    n:phase2-pfsgroup:2
    s:policy-level:require
    s:policy-list-include:10.200.0.0 / 255.255.255.0

In the Juniper SSG logs I can see:

    IKE 2.2.2.2: XAuth login was passed for gateway RemoteAccess, username test test, retry: 0, Client IP Addr 0.0.0.0, IPPool name: , Session-Timeout: 0s, Idle-Timeout: 0s.
    IKE 2.2.2.2: XAuth login was refreshed for username test test at 0.0.0.0/0.0.0.0.
    Rejected an IKE packet on ethernet0/0 from 2.2.2.2:500 to 1.1.1.1:500 with cookies 0b6fbe51fb380f32 and da0394185ea91f60 because A Phase 2 packet arrived while XAuth was still pending.
    IKE 2.2.2.2 Phase 1: Completed Aggressive mode negotiations with a 28800-second lifetime.

As I understand it, phase 2 doesn't start. In the Domain Controller security logs, I see that authentication was successful for user test test.

What should I change in the Shrewsoft configuration to make this VPN client work?

Many thanks.
Zigmunds

_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
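
Added example, not part of the original post: a small Python check that parses the proposal-related lines of the Shrew Soft profile quoted above and compares them with the NetscreenRemote settings the poster listed. The function names and the `EXPECTED` mapping (AES-256 as `aes` with key length 256, e-mail ID as `ufqdn`, PFS DH group 5 as `5`) are assumptions made for this example; it reports differences only and does not establish which one, if any, explains the log messages.

```python
# Constructed sample: proposal-related lines copied from the profile in the post.
SHREW_VPN = """\
n:phase1-dhgroup:5
n:phase1-keylen:256
n:phase2-keylen:256
n:phase2-pfsgroup:2
s:auth-method:mutual-psk-xauth
s:ident-client-type:ufqdn
s:phase1-exchange:aggressive
s:phase1-cipher:aes
s:phase1-hash:sha1
s:phase2-transform:esp-aes
s:phase2-hmac:sha1
s:policy-list-include:10.200.0.0 / 255.255.255.0
"""

# Assumption: how the NetscreenRemote settings listed in the post map to Shrew keys.
EXPECTED = {
    "phase1-exchange": "aggressive", "auth-method": "mutual-psk-xauth",
    "ident-client-type": "ufqdn",
    "phase1-cipher": "aes", "phase1-keylen": 256, "phase1-hash": "sha1",
    "phase1-dhgroup": 5,
    "phase2-transform": "esp-aes", "phase2-keylen": 256, "phase2-hmac": "sha1",
    "phase2-pfsgroup": 5,
    "policy-list-include": "10.200.0.0 / 255.255.255.0",
}

def parse_vpn(text):
    """Parse 'type:key:value' lines (n = number, s = string, b = binary)."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)  # the value itself may contain ':'
        if len(parts) != 3 or parts[0] not in ("n", "s", "b"):
            raise ValueError(f"line {lineno}: not a type:key:value entry: {raw!r}")
        kind, key, value = parts
        settings[key] = int(value) if kind == "n" else value
    return settings

def mismatches(settings, expected):
    """Return (key, expected, actual) for every key that differs or is missing."""
    pairs = ((k, want, settings.get(k, "<missing>")) for k, want in expected.items())
    return [(k, want, have) for k, want, have in pairs if have != want]

if __name__ == "__main__":
    for key, want, have in mismatches(parse_vpn(SHREW_VPN), EXPECTED):
        print(f"{key}: NetscreenRemote side {want!r}, Shrew profile {have!r}")
```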
