> > This phase2 loop suggests to me that something still isn't right with > phase2. > > You say you're using Juniper and can see the logs. Does it report a > "completed negotiations" message in the event log? It will list the the > lifetime so you can see if it matches what Shrew reports. > > There's also a 'debug ike' command you can run at the CLI that may also > shed some light on things. >
Yes, I am seeing the 'completed negotiations' message in the Juniper event log. The lifetime of 3600 s / 0 KB matches the parameters in the Shrew client's configuration. I've been examining the debug ike output, but I'm pretty much seeing the same thing. The connection seems to be made, the Shrew client continues to send Phase2 packets, eventually hitting its resend limit, at which point it sends a peer delete message. _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
