On 07/06/2011 12:26 PM, Val Dodge wrote:
Hi,
We're testing the Shrew Soft VPN client and we're having an issue
establishing a connection to our Juniper SSG-140 firewall; the Shrew
Soft client works fine with our Juniper SSG-5. As far as I can tell, the
VPN configurations on both the firewall and client are identical except
for IP addresses, credentials, and the like.
When I connect to the problematic firewall, the client connects
successfully and reports that the connection is up, But the Network tab
shows one Security Association established and almost immediately
expired and no traffic actually makes it through.
...
The iked.log is attached. The SSG logs don't show any difference between
the successful and unsuccessful connections.
Hi Val,
I notice a couple things in the iked.log output, but the one that jumps
out at me is this one:
11/07/05 12:47:34 ii : - loc ANY:192.168.8.26:* -> ANY:192.168.0.0/16:*
11/07/05 12:47:34 ii : - rmt ANY:192.168.0.0/16:* -> ANY:192.168.8.26:*
This suggests that you have overlapping IP ranges between the addresses
you're assigning to the VPN clients and the destination network. This
could be causing problems. Do you have this same configuration on the
SSG-5?
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
