Hi Matthew,
No problem. I understand that sometimes people have other things to do
than helping me :)
I did disable the DPD, but that did not help at all. I basically
disabled everything that was "fancy" in any way. In my previous mail i
already described that the SRX series of Juniper have NO debugging
whatsoever. The NS25 nicely said: negotiations failed because xxxxx, but
this device does not even tell me whether P1 or P2 has been the problem.
My guess is that Juniper has implemented some kind of keep alive in the
Juniper Pulse software that is not implemented in Shrew. I did not have
the time to debug any further as this was a live system. The only
solution was to buy licenses for the Pulse client :(
But if you figure this one out, i am very much interested.
Kind regards,
Jeroen Hermans
On 17-12-2012 19:06, Matthew Grooms wrote:
Jeron and Gregory,
Sorry for the lack of response in May. There was a long stretch of
time where my schedule was so constricted that I just wasn't able to
answer questions on the list. I hope to do much better in the future.
Many, many thanks to the regular list members who have been doing an
amazing job by answering questions and providing collaborative support
to the mailing list.
With that said, did either of you try to disable DPD on the client
side to see if it allowed the connection to last more than a minute?
Also, is there an error message displayed in the gateway log that
offers some explanation as to why the client gets disconnected?
Thanks,
-Matthew
On 12/17/2012 5:46 AM, Jeroen J.A.W. Hermans wrote:
Hello all,
I am the person asking this question in May 2012. Unfortunally i did not
resolve the question and i bought the Juniper Pulse client licenses.
That seems to work, but i have no idea why Shrewsoft is not working.
Btw: i would never buy an SRX again. The debugging is, well.. none
existent. And my Juniper SRX210 has been rooted through the SSH server.
Juniper's advise was to disable all external management, which of course
is not an option. Really really poor job Juniper! I really liked the
NS25. Next time i will buy two Draytek routers and use them in a high
availability configuration. That saves me a lot of pain and money.
Sorry for the rant, but especially the SSH vulnerability is important
for all you guys. IF someone finds a solution for Shrew + SRX, i am
still very interested!
Kind regards,
Jeroen Hermans
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
