On Mon, Jul 15, 2013 at 10:03 PM, Drew Majewski < [email protected]> wrote:
> Hello,**** > > ** ** > > I’ve been working with Juniper support to try and get VPN connectivity > setup with Shrew but we’re having issues getting phase 2 to pass. Juniper > has repeated all the steps in their labs too and get the same results as > below and their only solution is to contact you guys or use another VPN > Client. **** > > ** ** > > Juniper support has stated: “I suspect that Shrew soft client 2.2.2, > running on windows xp (which is what I tried) is not compatible with the > Juniper firewall.**** > > ** ** > > The shrew soft client seems to be sending a notification message(DOI 1 > 24578 INITIAL-CONTACT), which is halting or stopping the Juniper firewall > to proceed with phase-2 negotiations (refer frame4 in the packet capture > shrewsoftsnoop1.pcap)**** > > ** ** > > 2013-07-12 11:47:34 info IKE 96.242.112.67: Received > initial contact notification and removed Phase 1 SAs.**** > > 2013-07-12 11:47:34 info IKE 96.242.112.67: Received > initial contact notification and removed Phase 2 SAs.**** > > 2013-07-12 11:47:34 info IKE 96.242.112.67: Received a > notification message for DOI 1 24578 INITIAL-CONTACT. >> HERE**** > > 2013-07-12 11:47:34 info IKE 96.242.112.67 Phase 1: > Completed Aggressive mode negotiations with a 28800-second lifetime.”**** > > ** ** > > The other errors that are being logged with this are: "Rejected an IKE > packet on ethernet0/2 from 96.242.112.67:14499 to 96.242.112.68:4500 with > cookies 5cd1700e400706fd and 0ba9de74df44fcb6 because A Phase 2 packet > arrived while XAuth was still pending. IKE 96.242.112.67 Phase 2 msg ID > fd04e4ca: Negotiations have failed. "**** > > ** ** > > I’m not sure where to go with this or if it is anything that other users > have experienced.**** > > ** ** > > Thank you for any help you’re able to give. > Hi Drew, it is possible to attach debug info with pcap ? ( https://www.shrew.net/support/VPN_Bug_Report_Windows ) There is some known issue with Juniper and Xauth but it is with SRX : https://lists.shrew.net/pipermail/vpn-help/2012-December/014091.html Regards, **** > > > Drew Majewski**** > > _______________________________________________ > vpn-help mailing list > [email protected] > https://lists.shrew.net/mailman/listinfo/vpn-help > >
_______________________________________________ vpn-help mailing list [email protected] https://lists.shrew.net/mailman/listinfo/vpn-help
