Here are the logs from a working 2.1.7 machine and another machine
that I just installed 2.2.0 on and used the same policy and user for,
and cannot get the SA to establish. Thanks.
James J. Minard, MCP Network Technician Precision Computer Solutions,
Inc. [email protected] Phone (810) 987-8748 Ext 122
-----Original Message----- From: [email protected]
[mailto:[email protected]] On Behalf Of
[email protected] Sent: Friday, May 10, 2013 1:00 PM
To: [email protected] Subject: vpn-help Digest, Vol 80, Issue
11
Send vpn-help mailing list submissions to [email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.shrew.net/mailman/listinfo/vpn-help or, via email, send
a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of vpn-help digest..."
Today's Topics:
1. Re: . Windows 8 - Shrew to Juniper connection - SA failed (James
Minard) (James Minard) 2. Re: Windows 8 - Shrew to Juniper connection
- SA failed (Kevin VPN) 3. Re: . Windows 8 - Shrew to Juniper
connection - SA failed (James Minard) (Kevin VPN) 4. Connecting Shrew
2.2.0 to ZyWALL USG 20 - invalid message from gateway (Lukasz Sokol)
5. VPN connection to NetASQ V9 with certificates (J Greenhouse)
----------------------------------------------------------------------
Message: 1 Date: Thu, 9 May 2013 19:41:40 +0000 From: James Minard
<[email protected]> To: "[email protected]"
<[email protected]> Subject: Re: [vpn-help] . Windows 8 -
Shrew to Juniper connection - SA failed (James Minard) Message-ID:
<[email protected]>
Content-Type: text/plain; charset="us-ascii"
Further followup on this today revealed that it's not just a Windows
8 issue with the 2.2.0 client. I had a Windows 7 machine that
exhibited the same behavior. I downgraded that one to 2.1.7 and it
worked fine. I guess my next step is going to be to load the 2.2.0
client on my Windows 7 PC and play around with some of the settings,
unless anyone knows offhand why this would be occurring. One thing I
did notice is that my 2.1.7 client connections with NAT-T / IKE |
ESP, but the 2.2.0 client says NAT-T v2 /IKE | ESP
James J. Minard, MCP Network Technician Precision Computer Solutions,
Inc. [email protected] Phone (810) 987-8748 Ext 122
-----Original Message----- From: [email protected]
[mailto:[email protected]] On Behalf Of
[email protected] Sent: Thursday, May 09, 2013 1:00
PM To: [email protected] Subject: vpn-help Digest, Vol 80,
Issue 10
----------------------------------------------------------------------
Message: 1 Date: Thu, 9 May 2013 00:46:48 +0000 From: James Minard
<[email protected]> To: "[email protected]"
<[email protected]> Subject: [vpn-help] Windows 8 - Shrew to
Juniper connection - SA failed Message-ID:
<[email protected]>
Content-Type: text/plain; charset="us-ascii"
The xauth is succeeding, but on the remote client, if I switch over
to the Network tab, it shows 0 established SAs, 0 Expired, but the
Failed starts at 0 and then starts incrementing up to 1,2,3, etc. I
thought maybe it was something to do with the Microsoft wi-fi virtual
adapter in Windows 8, so I had the remote user disable that since I
thought it was like the Windows 7 Microsoft virtual wi-fi minport
adapter that I have seen cause problems with Shrew, but it didn't'
make a difference.
Any suggestions on what else could be causing this behavior? I've
never seen the SA not establish after xauth is successful. The same
user account works fine from my workstation, but it's Windows 7 and
on an Ethernet connection, not wi-fi.
James J. Minard, MCP Network Technician Precision Computer Solutions,
Inc. [email protected]<mailto:[email protected]> Phone
(810) 987-8748 Ext 122
-------------- next part -------------- An HTML attachment was
scrubbed... URL:
<https://lists.shrew.net/pipermail/vpn-help/attachments/20130509/5b66e808/attachment-0001.html>
------------------------------
_______________________________________________ vpn-help mailing
list [email protected]
https://lists.shrew.net/mailman/listinfo/vpn-help
End of vpn-help Digest, Vol 80, Issue 10
****************************************
------------------------------
Message: 2 Date: Thu, 9 May 2013 21:23:25 -0400 From: Kevin VPN
<[email protected]> To: [email protected] Subject: Re: [vpn-help]
Windows 8 - Shrew to Juniper connection - SA failed Message-ID:
<[email protected]> Content-Type:
text/plain; charset="ISO-8859-1"; format=flowed
On 05/08/2013 08:46 PM, James Minard wrote:
The xauth is succeeding, but on the remote client, if I switch over
to the Network tab, it shows 0 established SAs, 0 Expired, but the
Failed starts at 0 and then starts incrementing up to 1,2,3, etc. I
thought maybe it was something to do with the Microsoft wi-fi
virtual adapter in Windows 8, so I had the remote user disable that
since I thought it was like the Windows 7 Microsoft virtual wi-fi
minport adapter that I have seen cause problems with Shrew, but it
didn't' make a difference.
Any suggestions on what else could be causing this behavior? I've
never seen the SA not establish after xauth is successful. The
same user account works fine from my workstation, but it's Windows
7 and on an Ethernet connection, not wi-fi.
Hi James,
A failed SA is often because of a policy mismatch between Shrew and
the VPN gateway, but since I assume you're using the exact same
configuration on your Win7 workstation vs the Win8 machine, I'm not
sure that's the case.
Can you provide a bug report for us so we can see what Shrew is
reporting? The instructions are here:
https://www.shrew.net/support/VPN_Bug_Report_Windows
------------------------------
Message: 3 Date: Thu, 9 May 2013 21:27:47 -0400 From: Kevin VPN
<[email protected]> To: [email protected] Subject: Re: [vpn-help]
. Windows 8 - Shrew to Juniper connection - SA failed (James Minard)
Message-ID: <[email protected]>
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
On 05/09/2013 03:41 PM, James Minard wrote:
Further followup on this today revealed that it's not just a
Windows 8 issue with the 2.2.0 client. I had a Windows 7 machine
that exhibited the same behavior. I downgraded that one to 2.1.7
and it worked fine. I guess my next step is going to be to load the
2.2.0 client on my Windows 7 PC and play around with some of the
settings, unless anyone knows offhand why this would be occurring.
One thing I did notice is that my 2.1.7 client connections with
NAT-T / IKE | ESP, but the 2.2.0 client says NAT-T v2 /IKE | ESP
Hi James,
I just wrote back to your first message, then when I refreshed I saw
this one.
IKEv2 could be a cause of the problem. It's an interesting piece to
explore anyway.
In addition to the bug report (Shrew logs) that I requested before,
can you provide a log from a Shrew 2.1.7 installation that's
working?
