I have a 32-bit Windows Ultimate machine, Dell Vostro and I cannot get a
tunnel established with Shrew VPN against a Juniper SSG5 firewall. The
same profile on a different machine running Vista works fine with Shrew
2.6, even on the same network. There are 3 machines that have this issue,
but I only have access to this one at the moment.
When I try to connect, it times out saying "negotiation timout occurred".
It looks like there might be an issue with the Shrew VPN adapter, because
it is disabled but when I try to enable it, it disappears from Device
Manager and doesn't come back until I re-install.
I ran debug on the firewall, and when this host attempts to connect the
firewall never gets any packets. On the other two machines I was able to
connect using a cell modem, but once the users took it home it did not
work.
I have tried Shrew 2.5, 2.6, 2.7 and the latest stable beta 2.1.7-rc1 -
all have the same problem.
Thanks!
10/11/11 23:27:15 ## : IKE Daemon, ver 2.1.6
10/11/11 23:27:15 ## : Copyright 2009 Shrew Soft Inc.
10/11/11 23:27:15 ## : This product linked OpenSSL 0.9.8h 28 May 2008
10/11/11 23:27:15 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
10/11/11 23:27:15 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client/debug/dump-ike-decrypt.cap'
10/11/11 23:27:15 ii : rebuilding vnet device list ...
10/11/11 23:27:15 ii : device ROOT\VNET\0000 disabled
10/11/11 23:27:15 ii : network process thread begin ...
10/11/11 23:27:15 ii : pfkey process thread begin ...
10/11/11 23:27:15 ii : ipc server process thread begin ...
10/11/11 23:28:04 ii : ipc client process thread begin ...
10/11/11 23:28:04 <A : peer config add message
10/11/11 23:28:04 DB : peer added ( obj count = 1 )
10/11/11 23:28:04 ii : local address 10.23.0.7 selected for peer
10/11/11 23:28:04 DB : tunnel added ( obj count = 1 )
10/11/11 23:28:04 <A : proposal config message
10/11/11 23:28:04 <A : proposal config message
10/11/11 23:28:04 <A : client config message
10/11/11 23:28:04 <A : xauth username message
10/11/11 23:28:04 <A : xauth password message
10/11/11 23:28:04 <A : local id 'vpn.customer.com' message
10/11/11 23:28:04 <A : preshared key message
10/11/11 23:28:04 <A : remote resource message
10/11/11 23:28:04 <A : peer tunnel enable message
10/11/11 23:28:04 DB : new phase1 ( ISAKMP initiator )
10/11/11 23:28:04 DB : exchange type is aggressive
10/11/11 23:28:04 DB : 10.23.0.7:500 <-> XX.YY.ZZ.11:500
10/11/11 23:28:04 DB : a04c2090d47dae09:0000000000000000
10/11/11 23:28:04 DB : phase1 added ( obj count = 1 )
10/11/11 23:28:04 >> : security association payload
10/11/11 23:28:04 >> : - proposal #1 payload
10/11/11 23:28:04 >> : -- transform #1 payload
10/11/11 23:28:04 >> : key exchange payload
10/11/11 23:28:04 >> : nonce payload
10/11/11 23:28:04 >> : identification payload
10/11/11 23:28:04 >> : vendor id payload
10/11/11 23:28:04 ii : local supports XAUTH
10/11/11 23:28:04 >> : vendor id payload
10/11/11 23:28:04 ii : local supports nat-t ( draft v00 )
10/11/11 23:28:04 >> : vendor id payload
10/11/11 23:28:04 ii : local supports nat-t ( draft v01 )
10/11/11 23:28:04 >> : vendor id payload
10/11/11 23:28:04 ii : local supports nat-t ( draft v02 )
10/11/11 23:28:04 >> : vendor id payload
10/11/11 23:28:04 ii : local supports nat-t ( draft v03 )
10/11/11 23:28:04 >> : vendor id payload
10/11/11 23:28:04 ii : local supports nat-t ( rfc )
10/11/11 23:28:04 >> : vendor id payload
10/11/11 23:28:04 ii : local supports FRAGMENTATION
10/11/11 23:28:04 >> : vendor id payload
10/11/11 23:28:04 ii : local is SHREW SOFT compatible
10/11/11 23:28:04 >> : vendor id payload
10/11/11 23:28:04 ii : local is NETSCREEN compatible
10/11/11 23:28:04 >> : vendor id payload
10/11/11 23:28:04 ii : local is SIDEWINDER compatible
10/11/11 23:28:04 >> : vendor id payload
10/11/11 23:28:04 ii : local is CISCO UNITY compatible
10/11/11 23:28:04 >= : cookies a04c2090d47dae09:0000000000000000
10/11/11 23:28:04 >= : message 00000000
10/11/11 23:28:04 -> : send IKE packet 10.23.0.7:500 -> XX.YY.ZZ.11:500 ( 522
bytes )
10/11/11 23:28:04 DB : phase1 resend event scheduled ( ref count = 2 )
10/11/11 23:28:09 -> : resend 1 phase1 packet(s) 10.23.0.7:500 ->
XX.YY.ZZ.11:500
10/11/11 23:28:14 -> : resend 1 phase1 packet(s) 10.23.0.7:500 ->
XX.YY.ZZ.11:500
10/11/11 23:28:19 -> : resend 1 phase1 packet(s) 10.23.0.7:500 ->
XX.YY.ZZ.11:500
10/11/11 23:28:24 ii : resend limit exceeded for phase1 exchange
10/11/11 23:28:24 ii : phase1 removal before expire time
10/11/11 23:28:24 DB : phase1 deleted ( obj count = 0 )
10/11/11 23:28:24 DB : policy not found
10/11/11 23:28:24 DB : policy not found
10/11/11 23:28:24 DB : policy not found
10/11/11 23:28:24 DB : policy not found
10/11/11 23:28:24 DB : policy not found
10/11/11 23:28:24 DB : policy not found
10/11/11 23:28:24 DB : tunnel stats event canceled ( ref count = 1 )
10/11/11 23:28:24 DB : removing tunnel config references
10/11/11 23:28:24 DB : removing tunnel phase2 references
10/11/11 23:28:24 DB : removing tunnel phase1 references
10/11/11 23:28:24 DB : tunnel deleted ( obj count = 0 )
10/11/11 23:28:24 DB : removing all peer tunnel refrences
10/11/11 23:28:24 DB : peer deleted ( obj count = 0 )
10/11/11 23:28:24 ii : ipc client process thread exit ...
>From Access Manager
config loaded for site 'customer.vpn'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel ...
bringing down tunnel ...
session terminated by user
tunnel disabled
detached from key daemon ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel ...
negotiation timout occurred
tunnel disabled
detached from key daemon ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel ...
negotiation timout occurred
tunnel disabled
detached from key daemon ...
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
