On 07/15/2013 04:03 PM, Drew Majewski wrote:
Hello,
<snip>
Juniper support has stated: "I suspect that Shrew Soft client 2.2.2,
running on Windows XP (which is what I tried) is not compatible with the
Juniper firewall.
The Shrew Soft client seems to be sending a notification message (DOI 1
24578 INITIAL-CONTACT), which is halting or stopping the Juniper firewall
to proceed with phase-2 negotiations (refer frame 4 in the packet capture
shrewsoftsnoop1.pcap)
Hi Drew,
Shrew works just fine with Juniper ScreenOS devices (like the SSGs).
The first thing I'd do is make sure that in the Shrew config, General
tab, Auto Configuration is set to "ike config push" - that's a key
setting for Junipers.
<snip>
The other errors that are being logged with this are: "Rejected an IKE
packet on ethernet0/2 from 96.242.112.67:14499 to 96.242.112.68:4500 with
cookies 5cd1700e400706fd and 0ba9de74df44fcb6 because A Phase 2 packet
arrived while XAuth was still pending. IKE 96.242.112.67 Phase 2 msg ID
fd04e4ca: Negotiations have failed. "
Don't worry about the XAuth still pending error, I've seen it even on
successful connections. The Phase 2 message is a problem though.
Can you generate a debug log from Shrew for us so we can see what Shrew
sees from the gateway?
https://www.shrew.net/support/VPN_Bug_Report_Windows
_______________________________________________
vpn-help mailing list
https://lists.shrew.net/mailman/listinfo/vpn-help
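
For reading the notification that Juniper support points to in the capture, here is an added example (not part of the original thread, and not Shrew or Juniper code) that decodes an ISAKMP Notification payload as laid out in RFC 2408 section 3.14 and names the IPsec DOI status types from RFC 2407. The function names are assumptions, and the sample bytes are constructed from the cookie pair quoted in the firewall log, not taken from the pcap.

```python
import struct

# Notify message types: a few RFC 2408 error codes plus the IPsec DOI
# status codes from RFC 2407 section 4.6.3.
NOTIFY_TYPES = {
    14: "NO-PROPOSAL-CHOSEN",
    18: "INVALID-ID-INFORMATION",
    24576: "RESPONDER-LIFETIME",
    24577: "REPLAY-STATUS",
    24578: "INITIAL-CONTACT",
}
PROTOCOLS = {1: "ISAKMP", 2: "IPSEC_AH", 3: "IPSEC_ESP"}


def parse_notify(payload: bytes) -> dict:
    """Decode one ISAKMP Notification payload (hypothetical helper)."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte fixed header")
    _next, _rsvd, length, doi, proto, spi_size, ntype = struct.unpack(
        "!BBHIBBH", payload[:12])
    if length < 12 + spi_size or length > len(payload):
        raise ValueError("length field inconsistent with buffer")
    return {
        "doi": doi,
        "protocol": PROTOCOLS.get(proto, f"unknown({proto})"),
        "type": ntype,
        "type_name": NOTIFY_TYPES.get(ntype, "unrecognised"),
        # RFC 2408: types below 16384 are errors, the rest are status.
        "is_error": ntype < 16384,
        "spi": payload[12:12 + spi_size].hex(),
        "data": payload[12 + spi_size:length].hex(),
    }


def describe(n: dict) -> str:
    kind = "error" if n["is_error"] else "status"
    return f"DOI {n['doi']} {n['type']} {n['type_name']} ({kind}, {n['protocol']})"


# Constructed sample: an INITIAL-CONTACT notify whose 16-byte SPI is the
# cookie pair quoted in the firewall log above (not bytes from the pcap).
SAMPLE = bytes.fromhex(
    "00" "00" "001c" "00000001" "01" "10" "6002"
    "5cd1700e400706fd" "0ba9de74df44fcb6")

if __name__ == "__main__":
    print(describe(parse_notify(SAMPLE)))
```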