Dear all,
I'm a newbie to VPN settings. I am trying to follow the settings below to set up a dial-up VPN to connect to our office SSG5 device.
I tried to set up the Shrew VPN client, following the instructions at the URL
http://www.shrew.net/support/wiki/HowtoJuniperSsg
It failed, and below is the debug output. Sorry, I don't know how to interpret the output. Please help!
Remote Management Console
HK_SSG5-> get sa
total configured sa: 1
HEX ID Gateway Port Algorithm SPI Life:sec kb Sta PID vsys
00000001< 0.0.0.0 500 esp:3des/sha1 00000000 expir unlim I/I 9 0
00000001> 0.0.0.0 500 esp:3des/sha1 00000000 expir unlim I/I -1 0
HK_SSG5-> undebug all
HK_SSG5-> set db size 4096
HK_SSG5-> clear db
HK_SSG5-> debug ike detail
HK_SSG5-> debug pki all
HK_SSG5-> get db stream
## 2010-04-09 17:51:11 : check certificate renew:
## 2010-04-09 17:51:11 : check poll pending cert:
## 2010-04-09 17:54:11 : check certificate renew:
## 2010-04-09 17:54:11 : check poll pending cert:
## 2010-04-09 17:55:21 : IKE<221.126.96.175> ike packet, len 1202, action 1
## 2010-04-09 17:55:21 : IKE<221.126.96.175> Catcher: received 1174 bytes from socket.
## 2010-04-09 17:55:21 : IKE<221.126.96.175> ****** Recv packet if <ethernet0/0> of vsys <Root> ******
## 2010-04-09 17:55:21 : IKE<221.126.96.175> Catcher: get 1174 bytes. src port 1179
## 2010-04-09 17:55:21 : IKE<0.0.0.0 > ISAKMP msg: len 1174, nxp 1[SA], exch 4[AG], flag 00
## 2010-04-09 17:55:21 : IKE<221.126.96.175 > Recv : [SA] [KE] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
## 2010-04-09 17:55:21 : [VID] [VID] [VID] [VID] [VID] [VID] [VID]
## 2010-04-09 17:55:21 : valid id checking, id type:FQDN, len:34.
## 2010-04-09 17:55:21 : IKE<0.0.0.0 > Validate (1146): SA/716 KE/132 NONCE/24 ID/34 VID/12 VID/20 VID/20 VID/20 VID/20
## 2010-04-09 17:55:21 : IKE<221.126.96.175> Receive Id in AG mode, id-type=2, id=client.xxx.com.hk, idlen = 26
## 2010-04-09 17:55:21 : locate peer entry for (2/client.xxx.com.hk), by identity.
## 2010-04-09 17:55:21 : Found identity<client.xxx.com.hk> in group <1> user id <1>.
## 2010-04-09 17:55:21 : IKE<221.126.96.175> Found peer entry (vpnclient_gateway) from 221.126.96.175.
## 2010-04-09 17:55:21 : IKE<221.126.96.175> Peer(vpnclient_gateway) is in main mode(2) but received packet mode is 4, packet discarded.
## 2010-04-09 17:55:21 : IKE<221.126.96.175> Rejected an initial Phase 1 packet from an unrecognized peer gateway.
## 2010-04-09 17:55:26 : IKE<221.126.96.175> ike packet, len 1202, action 1
## 2010-04-09 17:55:26 : IKE<221.126.96.175> Catcher: received 1174 bytes from socket.
## 2010-04-09 17:55:26 : IKE<221.126.96.175> ****** Recv packet if <ethernet0/0> of vsys <Root> ******
## 2010-04-09 17:55:26 : IKE<221.126.96.175> Catcher: get 1174 bytes. src port 1179
## 2010-04-09 17:55:26 : IKE<0.0.0.0 > ISAKMP msg: len 1174, nxp 1[SA], exch 4[AG], flag 00
## 2010-04-09 17:55:26 : IKE<221.126.96.175 > Recv : [SA] [KE] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
## 2010-04-09 17:55:26 : [VID] [VID] [VID] [VID] [VID] [VID] [VID]
## 2010-04-09 17:55:26 : valid id checking, id type:FQDN, len:34.
## 2010-04-09 17:55:26 : IKE<0.0.0.0 > Validate (1146): SA/716 KE/132 NONCE/24 ID/34 VID/12 VID/20 VID/20 VID/20 VID/20
## 2010-04-09 17:55:26 : IKE<221.126.96.175> Receive Id in AG mode, id-type=2, id=client.xxx.com.hk, idlen = 26
## 2010-04-09 17:55:26 : locate peer entry for (2/client.xxx.com.hk), by identity.
## 2010-04-09 17:55:26 : Found identity<client.xxx.com.hk> in group <1> user id <1>.
## 2010-04-09 17:55:26 : IKE<221.126.96.175> Found peer entry (vpnclient_gateway) from 221.126.96.175.
## 2010-04-09 17:55:26 : IKE<221.126.96.175> Peer(vpnclient_gateway) is in main mode(2) but received packet mode is 4, packet discarded.
## 2010-04-09 17:55:26 : IKE<221.126.96.175> Rejected an initial Phase 1 packet from an unrecognized peer gateway.
## 2010-04-09 17:55:31 : IKE<221.126.96.175> ike packet, len 1202, action 1
## 2010-04-09 17:55:31 : IKE<221.126.96.175> Catcher: received 1174 bytes from socket.
## 2010-04-09 17:55:31 : IKE<221.126.96.175> ****** Recv packet if <ethernet0/0> of vsys <Root> ******
## 2010-04-09 17:55:31 : IKE<221.126.96.175> Catcher: get 1174 bytes. src port 1179
## 2010-04-09 17:55:31 : IKE<0.0.0.0 > ISAKMP msg: len 1174, nxp 1[SA], exch 4[AG], flag 00
## 2010-04-09 17:55:31 : IKE<221.126.96.175 > Recv : [SA] [KE] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
## 2010-04-09 17:55:31 : [VID] [VID] [VID] [VID] [VID] [VID] [VID]
## 2010-04-09 17:55:31 : valid id checking, id type:FQDN, len:34.
## 2010-04-09 17:55:31 : IKE<0.0.0.0 > Validate (1146): SA/716 KE/132 NONCE/24 ID/34 VID/12 VID/20 VID/20 VID/20 VID/20
## 2010-04-09 17:55:31 : IKE<221.126.96.175> Receive Id in AG mode, id-type=2, id=client.xxx.com.hk, idlen = 26
## 2010-04-09 17:55:31 : locate peer entry for (2/client.xxx.com.hk), by identity.
## 2010-04-09 17:55:31 : Found identity<client.xxx.com.hk> in group <1> user id <1>.
## 2010-04-09 17:55:31 : IKE<221.126.96.175> Found peer entry (vpnclient_gateway) from 221.126.96.175.
## 2010-04-09 17:55:31 : IKE<221.126.96.175> Peer(vpnclient_gateway) is in main mode(2) but received packet mode is 4, packet discarded.
## 2010-04-09 17:55:31 : IKE<221.126.96.175> Rejected an initial Phase 1 packet from an unrecognized peer gateway.
## 2010-04-09 17:55:36 : IKE<221.126.96.175> ike packet, len 1202, action 1
## 2010-04-09 17:55:36 : IKE<221.126.96.175> Catcher: received 1174 bytes from socket.
## 2010-04-09 17:55:36 : IKE<221.126.96.175> ****** Recv packet if <ethernet0/0> of vsys <Root> ******
## 2010-04-09 17:55:36 : IKE<221.126.96.175> Catcher: get 1174 bytes. src port 1179
## 2010-04-09 17:55:36 : IKE<0.0.0.0 > ISAKMP msg: len 1174, nxp 1[SA], exch 4[AG], flag 00
## 2010-04-09 17:55:36 : IKE<221.126.96.175 > Recv : [SA] [KE] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
## 2010-04-09 17:55:36 : [VID] [VID] [VID] [VID] [VID] [VID] [VID]
## 2010-04-09 17:55:36 : valid id checking, id type:FQDN, len:34.
## 2010-04-09 17:55:36 : IKE<0.0.0.0 > Validate (1146): SA/716 KE/132 NONCE/24 ID/34 VID/12 VID/20 VID/20 VID/20 VID/20
## 2010-04-09 17:55:36 : IKE<221.126.96.175> Receive Id in AG mode, id-type=2, id=client.xxx.com.hk, idlen = 26
## 2010-04-09 17:55:36 : locate peer entry for (2/client.xxx.com.hk), by identity.
## 2010-04-09 17:55:36 : Found identity<client.xxx.com.hk> in group <1> user id <1>.
## 2010-04-09 17:55:36 : IKE<221.126.96.175> Found peer entry (vpnclient_gateway) from 221.126.96.175.
## 2010-04-09 17:55:36 : IKE<221.126.96.175> Peer(vpnclient_gateway) is in main mode(2) but received packet mode is 4, packet discarded.
## 2010-04-09 17:55:36 : IKE<221.126.96.175> Rejected an initial Phase 1 packet from an unrecognized peer gateway.
HK_SSG5-> unset db size
HK_SSG5-> undebug all
HK_SSG5->
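
An added example, not part of the original post: a small Python triage script for a `debug ike detail` capture like the one above. It rejoins console-wrapped records, finds the "Peer(...) is in ... mode(N) but received packet mode is M" drops, and names both modes using the ISAKMP exchange type numbers from RFC 2408. The sample input, its address and FQDN, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# ISAKMP exchange type numbers (RFC 2408)
EXCHANGE = {1: "Base", 2: "Identity Protection (main mode)",
            3: "Authentication Only", 4: "Aggressive", 5: "Informational"}

# Constructed sample in the shape of the capture above, including the
# console wraps that split a record mid-word or at a space.
SAMPLE = """\
## 2010-04-09 17:55:21 : IKE<192.0.2.10> Receive Id in AG mode, id-type=2, i
d=client.example.test, idlen = 26
## 2010-04-09 17:55:21 : IKE<192.0.2.10> Peer(vpnclient_gateway) is in main
mode(2) but received packet mode is 4, packet discarded.
## 2010-04-09 17:55:26 : IKE<192.0.2.10> Peer(vpnclient_gateway) is in main
mode(2) but received packet mode is 4, packet discarded.
"""

# A wrap can fall anywhere in a record, so records are matched after all
# whitespace has been removed; the pattern is written without spaces.
MISMATCH = re.compile(r"IKE<([\d.]+)>Peer\(([^)]+)\)isin\w+mode\((\d+)\)"
                      r"butreceivedpacketmodeis(\d+),packetdiscarded")

def unwrap(text):
    """Rejoin wrapped output: every real record starts with '## '."""
    records = []
    for line in text.splitlines():
        if line.startswith("## ") or not records:
            records.append(line)
        else:
            records[-1] += line
    return records

def mode_mismatches(text):
    """Count drops per (peer, gateway, configured mode, received mode)."""
    hits = Counter()
    for rec in unwrap(text):
        m = MISMATCH.search("".join(rec.split()))
        if m:
            peer, gw, cfg, rx = m.groups()
            hits[(peer, gw, int(cfg), int(rx))] += 1
    return hits

def report(text):
    return [f"{gw}: gateway expects {EXCHANGE.get(cfg, cfg)}, peer {peer} "
            f"sent {EXCHANGE.get(rx, rx)} ({n} packet(s) discarded)"
            for (peer, gw, cfg, rx), n in mode_mismatches(text).items()]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```
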