On 04/14/2012 04:37 AM, Jeroen J.A.W. Hermans wrote:
Thank you for your reply. I have checked my config, but DPD was not
enabled. I cannot find any keepalive/heartbeat statements in my config
(NAT-keepalive is off). The problem remains the same, also with other
users at different remote locations. I feel i have tried all possible
options, but nothing seems to work. Are there any other possible options
i could try?
Kind regards,
Jeroen Hermans
On 12-4-2012 4:31, Kevin VPN wrote:
On 04/03/2012 04:09 PM, Jeroen J.A.W. Hermans wrote:
I have a problem i have been working on a few weeks now and i don't seem
to be able to get Shrew to work nicely with my Juniper SRX210. Setting
up a VPN to the SRX is not a problem. Phase 1 and 2 are completed
succesfully. I am able to ping to the other netwerk without any
problems, but after about 6 minutes Shrew disconnects (see tracedump
under this mail). I am using a Juniper SRX210 running JunOS 11.1R1.10
and Shrew VPN 2.2.0. I am using a cabled network and i am behind a NAT
router.
Hi Jeroen,
I would look at the Dead Peer Detection (DPD) or Heartbeat/Keepalive
settings, they often have a timeout of 300 seconds (5 minutes). Try
turning DPD or Heartbeat off to see if that changes the problem.
Hi Jeroen,
If it is enabled on the gateway (SRX), you could try disabling
NAT-Traversal (NAT-T). I've seen occasionally where that causes
problems if the gateway itself is not behind a NAT.
If the client (Shrew) NAT router supports proper handling of the
IPSec+NAT, you may not need NAT-T enabled on the gateway.
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
