Hello, Ladies and gentlemen: the story you are about to read is true. Only the IPs have been changed to protect the innocent.
x.x.x.x is my public IP
y.y.y.y is the firewall public IP
z.z.z.z is my private IP

I am having an issue creating a VPN between my Windows 7 Enterprise SP1 32-bit machine with Shrew Soft VPN client ver 2.1.7 and my Juniper SSG-140 ver 6.3.0r9.0. I followed the procedure at http://www.shrew.net/support/wiki/HowtoJuniperSsg and read a bunch of posts about similar issues, but I am unable to make it work.

On the firewall I am getting this error message:

Rejected an IKE packet on ethernet0/0 from x.x.x.x:500 to y.y.y.y:500 with cookies 0568dc4dfbfdf45c and 0000000000000000 because an initial Phase 1 packet arrived from an unrecognized peer gateway.

And this is my iked.log:

12/03/09 07:44:45 ## : IKE Daemon, ver 2.1.7
12/03/09 07:44:45 ## : Copyright 2010 Shrew Soft Inc.
12/03/09 07:44:45 ## : This product linked OpenSSL 0.9.8h 28 May 2008
12/03/09 07:44:45 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
12/03/09 07:44:45 ii : rebuilding vnet device list ...
12/03/09 07:44:45 ii : device ROOT\VNET\0000 disabled
12/03/09 07:44:45 ii : network process thread begin ...
12/03/09 07:44:45 ii : pfkey process thread begin ...
12/03/09 07:44:45 ii : ipc server process thread begin ...
12/03/09 07:44:56 ii : ipc client process thread begin ...
12/03/09 07:44:56 <A : peer config add message
12/03/09 07:44:56 DB : peer added ( obj count = 1 )
12/03/09 07:44:56 ii : local address z.z.z.z.86 selected for peer
12/03/09 07:44:56 DB : tunnel added ( obj count = 1 )
12/03/09 07:44:56 <A : proposal config message
12/03/09 07:44:56 <A : proposal config message
12/03/09 07:44:56 <A : client config message
12/03/09 07:44:56 <A : xauth username message
12/03/09 07:44:56 <A : xauth password message
12/03/09 07:44:56 <A : local id 'user.corp.net' message
12/03/09 07:44:56 <A : remote id 'vpngw.corp.net' message
12/03/09 07:44:56 <A : preshared key message
12/03/09 07:44:56 <A : remote resource message
12/03/09 07:44:56 <A : peer tunnel enable message
12/03/09 07:44:56 DB : new phase1 ( ISAKMP initiator )
12/03/09 07:44:56 DB : exchange type is aggressive
12/03/09 07:44:56 DB : z.z.z.z.86:500 <-> y.y.y.y:500
12/03/09 07:44:56 DB : 48395a78f6d2e09f:0000000000000000
12/03/09 07:44:56 DB : phase1 added ( obj count = 1 )
12/03/09 07:44:56 >> : security association payload
12/03/09 07:44:56 >> : - proposal #1 payload
12/03/09 07:44:56 >> : -- transform #1 payload
12/03/09 07:44:56 >> : key exchange payload
12/03/09 07:44:56 >> : nonce payload
12/03/09 07:44:56 >> : identification payload
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports XAUTH
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports nat-t ( draft v00 )
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports nat-t ( draft v01 )
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports nat-t ( draft v02 )
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports nat-t ( draft v03 )
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports nat-t ( rfc )
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports FRAGMENTATION
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local supports DPDv1
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local is SHREW SOFT compatible
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local is NETSCREEN compatible
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local is SIDEWINDER compatible
12/03/09 07:44:56 >> : vendor id payload
12/03/09 07:44:56 ii : local is CISCO UNITY compatible
12/03/09 07:44:56 >= : cookies 48395a78f6d2e09f:0000000000000000
12/03/09 07:44:56 >= : message 00000000
12/03/09 07:44:56 -> : send IKE packet z.z.z.z.86:500 -> y.y.y.y:500 ( 535 bytes )
12/03/09 07:44:56 DB : phase1 resend event scheduled ( ref count = 2 )
12/03/09 07:45:01 -> : resend 1 phase1 packet(s) z.z.z.z.86:500 -> y.y.y.y:500
12/03/09 07:45:06 -> : resend 1 phase1 packet(s) z.z.z.z.86:500 -> y.y.y.y:500
12/03/09 07:45:11 -> : resend 1 phase1 packet(s) z.z.z.z.86:500 -> y.y.y.y:500
12/03/09 07:45:16 ii : resend limit exceeded for phase1 exchange
12/03/09 07:45:16 ii : phase1 removal before expire time
12/03/09 07:45:16 DB : phase1 deleted ( obj count = 0 )
12/03/09 07:45:16 DB : policy not found
12/03/09 07:45:16 DB : policy not found
12/03/09 07:45:16 DB : policy not found
12/03/09 07:45:16 DB : policy not found
12/03/09 07:45:16 DB : policy not found
12/03/09 07:45:16 DB : policy not found
12/03/09 07:45:16 DB : tunnel stats event canceled ( ref count = 2 )
12/03/09 07:45:16 DB : removing tunnel config references
12/03/09 07:45:16 DB : removing tunnel phase2 references
12/03/09 07:45:16 DB : removing tunnel phase1 references
12/03/09 07:45:16 DB : removing all peer tunnel refrences
12/03/09 07:45:16 ii : ipc client process thread exit ...
12/03/09 07:45:16 DB : tunnel deleted ( obj count = 0 )
12/03/09 07:45:16 DB : peer deleted ( obj count = 0 )
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
