On 3/10/2010 5:29 PM, Luke LeBoeuf wrote:
> All,
> I have a Juniper SSG5 firewall that I am trying to set up to work
> with the release shrew client (v2.1.5). I am using the SSG5 firmware
> version 6.1.0r2.0. I have set up the gateway side and the client side to
> the letter of the shrew documentation, but I keep failing to initiate
> the tunnel and I am not sure why. Below is the reject event that I get
> from the gateway. Does anyone have any ideas? The shrew client trace
> tool simply says 'resend limit exceeded for phase1 exchange' and it
> kills the attempts. Any help would be greatly appreciated as we are
> trying to get this off the ground. In the example below I was using an
> AT&T 3G card, but it also happened from a desktop using Cox ISP.
>
>
> Rejected an IKE packet on ethernet0/0 from 166.204.222.138:500
> to xx.xx.xx.xx:500 with cookies
> 5dba7aba5e660ebc and 0000000000000000 because an initial Phase 1 packet
> arrived from an unrecognized peer gateway.
>

The Mode under Define Advanced Parameters of the Autokey Advanced
Gateway definition needs to be set to Aggressive on some gateways. It
says (Initiator), which I take to mean when the gateway is acting as
the initiator, but a few people have reported this as a problem with
certain firmware versions. I'll update the document.

Hope this helps,

-Matthew
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
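
One way to check, from a packet capture, which Phase 1 exchange type the client's first IKE packet requests, so it can be compared with the gateway's Mode setting. This is an added example, not part of the original thread; the function names are hypothetical and the packet bytes are constructed (only the initiator cookie is taken from the log above), with the header layout following RFC 2408.

```python
import struct

# IKEv1 Phase 1 exchange types carried in the ISAKMP header (RFC 2408, section 3.1)
EXCHANGE_TYPES = {2: "Main (Identity Protection)", 4: "Aggressive"}
# cookies (8+8), next payload, version, exchange type, flags, message ID, length
HEADER = struct.Struct("!8s8sBBBBII")  # fixed 28-byte ISAKMP header


def parse_isakmp_header(packet: bytes) -> dict:
    """Decode the fixed ISAKMP header from a UDP/500 payload."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, _next, version, xchg, _flags, msg_id, length = \
        HEADER.unpack_from(packet)
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "version": f"{version >> 4}.{version & 0x0F}",
        "exchange": EXCHANGE_TYPES.get(xchg, f"other ({xchg})"),
        # An all-zero responder cookie and message ID mark the first Phase 1 packet
        "initial_phase1": rcookie == bytes(8) and msg_id == 0
                          and xchg in EXCHANGE_TYPES,
        "length": length,
    }


def mode_mismatch(packet: bytes, gateway_mode: str) -> bool:
    """True when an initial Phase 1 packet requests a mode other than the gateway's."""
    mode = gateway_mode.strip().lower()
    if mode not in ("main", "aggressive"):
        raise ValueError("gateway_mode must be 'Main' or 'Aggressive'")
    hdr = parse_isakmp_header(packet)
    return hdr["initial_phase1"] and not hdr["exchange"].lower().startswith(mode)


def build_sample(exchange_type: int) -> bytes:
    """Constructed header-only packet reusing the initiator cookie from the log."""
    return HEADER.pack(bytes.fromhex("5dba7aba5e660ebc"), bytes(8),
                       1, 0x10, exchange_type, 0, 0, HEADER.size)


if __name__ == "__main__":
    for xchg in (2, 4):
        pkt = build_sample(xchg)
        print(parse_isakmp_header(pkt)["exchange"],
              "-> mismatch against an Aggressive gateway:",
              mode_mismatch(pkt, "Aggressive"))
```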
