Kevin, 1. It's an SSG. 2. I will have to try again tomorrow afternoon when I'm in the office with the 2.2.0 client to generate the logs on the Juniper.
James J. Minard, MCP Network Technician Precision Computer Solutions, Inc. [email protected] Phone (810) 987-8748 Ext 122 -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Monday, May 13, 2013 1:00 PM To: [email protected] Subject: vpn-help Digest, Vol 80, Issue 13 Send vpn-help mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://lists.shrew.net/mailman/listinfo/vpn-help or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of vpn-help digest..." Today's Topics: 1. Re: Windows 8 - Shrew to Juniper connection - SA (Kevin VPN) ---------------------------------------------------------------------- Message: 1 Date: Sun, 12 May 2013 20:53:29 -0400 From: Kevin VPN <[email protected]> To: [email protected] Subject: Re: [vpn-help] Windows 8 - Shrew to Juniper connection - SA Message-ID: <[email protected]> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed On 05/10/2013 02:18 PM, James Minard wrote: > Here are the logs from a working 2.1.7 machine and another machine > that I just installed 2.2.0 on and used the same policy and user for, > and cannot get the SA to establish. Thanks. > > James J. Minard, MCP Network Technician Precision Computer Solutions, > Inc. [email protected] Phone (810) 987-8748 Ext 122 > > > -----Original Message----- From: [email protected] > [mailto:[email protected]] On Behalf Of > [email protected] Sent: Friday, May 10, 2013 1:00 PM > To: [email protected] Subject: vpn-help Digest, Vol 80, Issue > 11 > > Send vpn-help mailing list submissions to [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.shrew.net/mailman/listinfo/vpn-help or, via email, send > a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of vpn-help digest..." > > > Today's Topics: > > 1. Re: . Windows 8 - Shrew to Juniper connection - SA failed (James > Minard) (James Minard) 2. Re: Windows 8 - Shrew to Juniper connection > - SA failed (Kevin VPN) 3. Re: . Windows 8 - Shrew to Juniper > connection - SA failed (James Minard) (Kevin VPN) 4. Connecting Shrew > 2.2.0 to ZyWALL USG 20 - invalid message from gateway (Lukasz Sokol) > 5. VPN connection to NetASQ V9 with certificates (J Greenhouse) > > > ---------------------------------------------------------------------- > > Message: 1 Date: Thu, 9 May 2013 19:41:40 +0000 From: James Minard > <[email protected]> To: "[email protected]" > <[email protected]> Subject: Re: [vpn-help] . Windows 8 - Shrew > to Juniper connection - SA failed (James Minard) Message-ID: > <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > Further followup on this today revealed that it's not just a Windows > 8 issue with the 2.2.0 client. I had a Windows 7 machine that > exhibited the same behavior. I downgraded that one to 2.1.7 and it > worked fine. I guess my next step is going to be to load the 2.2.0 > client on my Windows 7 PC and play around with some of the settings, > unless anyone knows offhand why this would be occurring. One thing I > did notice is that my 2.1.7 client connections with NAT-T / IKE | ESP, > but the 2.2.0 client says NAT-T v2 /IKE | ESP > > James J. Minard, MCP Network Technician Precision Computer Solutions, > Inc. [email protected] Phone (810) 987-8748 Ext 122 > > -----Original Message----- From: [email protected] > [mailto:[email protected]] On Behalf Of > [email protected] Sent: Thursday, May 09, 2013 1:00 PM > To: [email protected] Subject: vpn-help Digest, Vol 80, Issue > 10 > > ---------------------------------------------------------------------- > > Message: 1 Date: Thu, 9 May 2013 00:46:48 +0000 From: James Minard > <[email protected]> To: "[email protected]" > <[email protected]> Subject: [vpn-help] Windows 8 - Shrew to > Juniper connection - SA failed Message-ID: > <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > The xauth is succeeding, but on the remote client, if I switch over to > the Network tab, it shows 0 established SAs, 0 Expired, but the Failed > starts at 0 and then starts incrementing up to 1,2,3, etc. I thought > maybe it was something to do with the Microsoft wi-fi virtual adapter > in Windows 8, so I had the remote user disable that since I thought it > was like the Windows 7 Microsoft virtual wi-fi minport adapter that I > have seen cause problems with Shrew, but it didn't' > make a difference. > > Any suggestions on what else could be causing this behavior? I've > never seen the SA not establish after xauth is successful. The same > user account works fine from my workstation, but it's Windows 7 and on > an Ethernet connection, not wi-fi. > > James J. Minard, MCP Network Technician Precision Computer Solutions, > Inc. [email protected]<mailto:[email protected]> Phone > (810) 987-8748 Ext 122 > > -------------- next part -------------- An HTML attachment was > scrubbed... URL: > <https://lists.shrew.net/pipermail/vpn-help/attachments/20130509/5b66e > 808/attachment-0001.html> > > ------------------------------ > > _______________________________________________ vpn-help mailing list > [email protected] > https://lists.shrew.net/mailman/listinfo/vpn-help > > > End of vpn-help Digest, Vol 80, Issue 10 > **************************************** > > > > ------------------------------ > > Message: 2 Date: Thu, 9 May 2013 21:23:25 -0400 From: Kevin VPN > <[email protected]> To: [email protected] Subject: Re: [vpn-help] > Windows 8 - Shrew to Juniper connection - SA failed Message-ID: > <[email protected]> Content-Type: > text/plain; charset="ISO-8859-1"; format=flowed > > On 05/08/2013 08:46 PM, James Minard wrote: >> The xauth is succeeding, but on the remote client, if I switch over >> to the Network tab, it shows 0 established SAs, 0 Expired, but the >> Failed starts at 0 and then starts incrementing up to 1,2,3, etc. I >> thought maybe it was something to do with the Microsoft wi-fi virtual >> adapter in Windows 8, so I had the remote user disable that since I >> thought it was like the Windows 7 Microsoft virtual wi-fi minport >> adapter that I have seen cause problems with Shrew, but it didn't' >> make a difference. >> >> Any suggestions on what else could be causing this behavior? I've >> never seen the SA not establish after xauth is successful. The same >> user account works fine from my workstation, but it's Windows >> 7 and on an Ethernet connection, not wi-fi. >> > > Hi James, > > A failed SA is often because of a policy mismatch between Shrew and > the VPN gateway, but since I assume you're using the exact same > configuration on your Win7 workstation vs the Win8 machine, I'm not > sure that's the case. > > Can you provide a bug report for us so we can see what Shrew is > reporting? The instructions are here: > https://www.shrew.net/support/VPN_Bug_Report_Windows > > > ------------------------------ > > Message: 3 Date: Thu, 9 May 2013 21:27:47 -0400 From: Kevin VPN > <[email protected]> To: [email protected] Subject: Re: [vpn-help] . > Windows 8 - Shrew to Juniper connection - SA failed (James Minard) > Message-ID: <[email protected]> > Content-Type: text/plain; charset="ISO-8859-1"; format=flowed > > On 05/09/2013 03:41 PM, James Minard wrote: >> Further followup on this today revealed that it's not just a Windows >> 8 issue with the 2.2.0 client. I had a Windows 7 machine that >> exhibited the same behavior. I downgraded that one to 2.1.7 and it >> worked fine. I guess my next step is going to be to load the >> 2.2.0 client on my Windows 7 PC and play around with some of the >> settings, unless anyone knows offhand why this would be occurring. >> One thing I did notice is that my 2.1.7 client connections with NAT-T >> / IKE | ESP, but the 2.2.0 client says NAT-T v2 /IKE | ESP >> > > Hi James, > > I just wrote back to your first message, then when I refreshed I saw > this one. > > IKEv2 could be a cause of the problem. It's an interesting piece to > explore anyway. > > In addition to the bug report (Shrew logs) that I requested before, > can you provide a log from a Shrew 2.1.7 installation that's working? > Hi James, The log from the 2.2.0 machine shows that the gateway does not respond to the Phase2 negotiation requests from Shrew. Two questions: 1. What kind of Juniper? An SSG or SRX? There are known issues with SRXes I believe. 2. Are you able to get get logs from the gateway itself to ensure that a) the gateway is receiving the Phase2 negotiation request from Shrew and b) to see what it has to say about it? ------------------------------ _______________________________________________ vpn-help mailing list [email protected] https://lists.shrew.net/mailman/listinfo/vpn-help End of vpn-help Digest, Vol 80, Issue 13 **************************************** _______________________________________________ vpn-help mailing list [email protected] https://lists.shrew.net/mailman/listinfo/vpn-help
