I've setup client and gateway as suggested in documentation for Netscreen devices and can't get a positive result. Always times out with message 'resend limit exceeded for phase1 exchange' and closes down the processes.
I've ensured IP addressing isn't overlapping; I've reinstalled and run client under admin account; I've switched from using virtual adapter and existing, I've tried wireless and wired, all to no avail. System: Lenovo Thinkpad T510 Windows 7 Pro 64 bit Gateway: Netscreen NS25 Firmware version 5.4.0r11.0 (Firewall+VPN) Trace Output: 11/01/11 10:03:51 ## : IKE Daemon, ver 2.1.7 11/01/11 10:03:51 ## : Copyright 2010 Shrew Soft Inc. 11/01/11 10:03:51 ## : This product linked OpenSSL 0.9.8h 28 May 2008 11/01/11 10:03:51 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log' 11/01/11 10:03:51 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-decrypt.cap' 11/01/11 10:03:51 ii : rebuilding vnet device list ... 11/01/11 10:03:51 ii : device ROOT\VNET\0000 disabled 11/01/11 10:03:51 ii : network process thread begin ... 11/01/11 10:03:51 ii : pfkey process thread begin ... 11/01/11 10:03:51 ii : ipc server process thread begin ... 11/01/11 10:04:07 ii : ipc client process thread begin ... 11/01/11 10:04:07 <A : peer config add message 11/01/11 10:04:07 DB : peer added ( obj count = 1 ) 11/01/11 10:04:07 ii : local address 172.16.0.152 selected for peer 11/01/11 10:04:07 DB : tunnel added ( obj count = 1 ) 11/01/11 10:04:07 <A : proposal config message 11/01/11 10:04:07 <A : proposal config message 11/01/11 10:04:07 <A : client config message 11/01/11 10:04:07 <A : xauth username message 11/01/11 10:04:07 <A : xauth password message 11/01/11 10:04:07 <A : local id 'client.domain.com' message 11/01/11 10:04:07 <A : remote id 'vpngw.domain.com' message 11/01/11 10:04:07 <A : preshared key message 11/01/11 10:04:07 <A : remote resource message 11/01/11 10:04:07 <A : peer tunnel enable message 11/01/11 10:04:07 DB : new phase1 ( ISAKMP initiator ) 11/01/11 10:04:07 DB : exchange type is aggressive 11/01/11 10:04:07 DB : 172.16.0.152:500 <-> [MASKED IP]:500 11/01/11 10:04:07 DB : 5f8212b134209bf6:0000000000000000 11/01/11 10:04:07 DB : phase1 added ( obj count = 1 ) 11/01/11 10:04:07 >> : security association payload 11/01/11 10:04:07 >> : - proposal #1 payload 11/01/11 10:04:07 >> : -- transform #1 payload 11/01/11 10:04:07 >> : -- transform #2 payload 11/01/11 10:04:07 >> : -- transform #3 payload 11/01/11 10:04:07 >> : -- transform #4 payload 11/01/11 10:04:07 >> : -- transform #5 payload 11/01/11 10:04:07 >> : -- transform #6 payload 11/01/11 10:04:07 >> : -- transform #7 payload 11/01/11 10:04:07 >> : -- transform #8 payload 11/01/11 10:04:07 >> : -- transform #9 payload 11/01/11 10:04:07 >> : -- transform #10 payload 11/01/11 10:04:07 >> : -- transform #11 payload 11/01/11 10:04:07 >> : -- transform #12 payload 11/01/11 10:04:07 >> : -- transform #13 payload 11/01/11 10:04:07 >> : -- transform #14 payload 11/01/11 10:04:07 >> : -- transform #15 payload 11/01/11 10:04:07 >> : -- transform #16 payload 11/01/11 10:04:07 >> : -- transform #17 payload 11/01/11 10:04:07 >> : -- transform #18 payload 11/01/11 10:04:07 >> : key exchange payload 11/01/11 10:04:07 >> : nonce payload 11/01/11 10:04:07 >> : identification payload 11/01/11 10:04:07 >> : vendor id payload 11/01/11 10:04:07 ii : local supports XAUTH 11/01/11 10:04:07 >> : vendor id payload 11/01/11 10:04:07 ii : local supports nat-t ( draft v00 ) 11/01/11 10:04:07 >> : vendor id payload 11/01/11 10:04:07 ii : local supports nat-t ( draft v01 ) 11/01/11 10:04:07 >> : vendor id payload 11/01/11 10:04:07 ii : local supports nat-t ( draft v02 ) 11/01/11 10:04:07 >> : vendor id payload 11/01/11 10:04:07 ii : local supports nat-t ( draft v03 ) 11/01/11 10:04:07 >> : vendor id payload 11/01/11 10:04:07 ii : local supports nat-t ( rfc ) 11/01/11 10:04:07 >> : vendor id payload 11/01/11 10:04:07 ii : local supports FRAGMENTATION 11/01/11 10:04:07 >> : vendor id payload 11/01/11 10:04:07 ii : local supports DPDv1 11/01/11 10:04:07 >> : vendor id payload 11/01/11 10:04:07 ii : local is SHREW SOFT compatible 11/01/11 10:04:07 >> : vendor id payload 11/01/11 10:04:07 ii : local is NETSCREEN compatible 11/01/11 10:04:07 >> : vendor id payload 11/01/11 10:04:07 ii : local is SIDEWINDER compatible 11/01/11 10:04:07 >> : vendor id payload 11/01/11 10:04:07 ii : local is CISCO UNITY compatible 11/01/11 10:04:07 >= : cookies 5f8212b134209bf6:0000000000000000 11/01/11 10:04:07 >= : message 00000000 11/01/11 10:04:07 -> : send IKE packet 172.16.0.152:500 -> [MASKED IP]:500 ( 1193 bytes ) 11/01/11 10:04:07 DB : phase1 resend event scheduled ( ref count = 2 ) 11/01/11 10:04:12 -> : resend 1 phase1 packet(s) 172.16.0.152:500 -> [MASKED IP]:500 11/01/11 10:04:17 -> : resend 1 phase1 packet(s) 172.16.0.152:500 -> [MASKED IP]:500 11/01/11 10:04:22 -> : resend 1 phase1 packet(s) 172.16.0.152:500 -> [MASKED IP]:500 11/01/11 10:04:27 ii : resend limit exceeded for phase1 exchange 11/01/11 10:04:27 ii : phase1 removal before expire time 11/01/11 10:04:27 DB : phase1 deleted ( obj count = 0 ) 11/01/11 10:04:27 DB : policy not found 11/01/11 10:04:27 DB : policy not found 11/01/11 10:04:27 DB : policy not found 11/01/11 10:04:27 DB : policy not found 11/01/11 10:04:27 DB : policy not found 11/01/11 10:04:27 DB : policy not found 11/01/11 10:04:27 DB : tunnel stats event canceled ( ref count = 1 ) 11/01/11 10:04:27 DB : removing tunnel config references 11/01/11 10:04:27 DB : removing tunnel phase2 references 11/01/11 10:04:27 DB : removing tunnel phase1 references 11/01/11 10:04:27 DB : tunnel deleted ( obj count = 0 ) 11/01/11 10:04:27 DB : removing all peer tunnel refrences 11/01/11 10:04:27 DB : peer deleted ( obj count = 0 ) 11/01/11 10:04:27 ii : ipc client process thread exit ... _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
