Kevin VPN <kvpn@...> writes: > > On 12/08/2011 03:18 PM, Tim Keane wrote: > > > > Yes, I am seeing the 'completed negotiations' message in the Juniper > > event log. The lifetime of 3600 s / 0 KB matches the parameters in the > > Shrew client's configuration. > > > > I've been examining the debug ike output, but I'm pretty much seeing the > > same > > thing. The connection seems to be made, the Shrew client continues to send > > Phase2 packets, eventually hitting its resend limit, at which point it > > sends a peer delete message. > > > > Are you using a policy-based or route-based VPN on the Juniper? Have > you also done flow filters and/or snoops in conjunction with the debug ike? > > If you want, you can send me the get db str output and I can take a look > at it (feel free to anonymize IPs/usernames). >
I think I figured this out. One line in my Juniper configuration seems to have been preventing the remote VPN connection: set ike responder-set-commit After removing that line from my config, I can successfully make remote connections. Thanks to Kevin for leading me down the right path. _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
