Is there another free vpn client that I can use except netscreen remote? -----Original Message----- From: Stefan Fouant [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 14, 2008 5:34 PM To: M.Mihailidis Cc: Juniper-Nsp; [EMAIL PROTECTED] Subject: Re: [j-nsp] netscreen Vpn
IIRC, XAuth has to take place *after* Phase 1 establishment but *prior to* Phase 2 negotiations. Therefore I believe you are seeing this message because the XAuth authentication needs to be completed before Phase 2 can begin. If you only saw the error once it just means the XAuth packet wasn't received. However, if it's happening consistently it probably indicates a compatibility issue with the Shrew Soft VPN client and the 5GT. Perhaps the Shrew Soft VPN client doesn't conform strictly to (or is interpreting differently) the behavior as defined in the IKE RFC (RFC 2409). Try a different VPN client, perhaps the NS-Remote client and see if you get a different result. Cheers, Stefan Fouant On Wed, May 14, 2008 at 9:12 AM, M.Mihailidis <[EMAIL PROTECTED]> wrote: > Hello im to set up an ipsec vpn with 5gt using Shrew Soft VPN Client from my > pc > > I have setup correctly the 5gt and during the dial I get the message: > > > > > > KE<85.72.37.175>: XAuth login expired and was terminated for username > <supportMM> at <10.32.32.10>.2008-05-14 > > > > 16:16:49infoIKE<xx.xx.xx.xx>: XAuth login was aborted for gateway <IKEGW>, > username <supportMM>, retry: 0.2008-05-14 > > > > 16:16:49infoRejected an IKE packet on ethernet3 from xx.xx.xx.xx:500 to > xx.xx.xx.xx:500 with cookies 4c7bc23a9116366a and ab93bf2f02c0f461 because a > Phase 2 packet arrived while XAuth was still pending.2008- > > 05-14 16:16:49infoIKE<85.72.37.175> Phase 1: Completed Aggressive mode > negotiations with a <28800>-second lifetime.2008-05-14 > > > > 16:16:49infoIKE<xx.xx.xx.xx> Phase 1: Completed for user > <supportMM>.2008-05-14 > > > > 16:16:49infoIKE<xx.xx.xx.xx> Phase 1: Responder starts AGGRESSIVE mode > negotiations. > > > > Anyone knows why is this?? > > Thank you > > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp