Re: [vpn-help] Mac OS Lion Error on VPN Connection

Thu, 26 Jan 2012 19:32:31 -0800 

On 01/26/2012 04:17 PM, Rui Cordeiro wrote:

Hi,

Double check the phase 1 options or the shared secret, something is different
from the previous configs you had.
Maybe the profile isn't exactly the same.

Regards,

Rui Cordeiro

Phone: +351 912 128 019
E-mail:[email protected]


On 01/26/2012 08:59 PM, Ali Akbar Sohanghpurwala wrote:


 Kevin:

 I have been using Shrew VPN Client on my windows machines for some time now
 without any problems. I am not an expert in VPN but I have managed to follow
 setup instructions and get it to work. I have a Juniper SSG5 at work and I VPN
 into it. Recently I purchased a MacBook Pro with OS Lion. I have installed and
 Parallels and Win 7 in the virtual machine.

 At first I installed Shrew VPN Client 2.17 on the Win 7 exactly the way I have
 on my other machines and it gave me an error. So I obtained the instructions
 from your site and installed 2.2 on OS Lion. It also gives me the same error.
 On the laptop it goes all the way up to bringing up the tunnel and then fails
 with the following message:

 “negotiation timeout occurred, tunnel disabled, detached from key daemon”

 On the Juniper SSG5 I get the following message:

 “Rejected an IKE packet on ethernet0/0 from 173.14.113.251:1471 to
 173.14.113.251:500 with cookies f4cfdea6709b14e8 and 0000000000000000 because
 An initial Phase 1 packet arrived from an unrecognized peer gateway.”

 Where should I start to look for possible problems?



Hi Ali,
Rui is correct. Look at the Phase1 settings, specifically on the Authentication tab in Shrew. Make sure the settings under Local Identity match with the Remote Gateway settings on the Juniper.
Also, do as Rui suggested and make sure the Pre Shared Key matches. I'd even suggest entering it again on both sides, as it's happened at least three different times for me that I've made a typo putting it in on one side or the other.
Note that if you defined on the Juniper that the Remote Gateway has a Static IP Address, it's very possible that this new machine has a different IP on your local network, and so it doesn't match what the Juniper is expecting. 
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help

Reply via email to