03-05-2008 04:54 AM
The juniper netscreen vpn client can't establish a vpn-connection. This problem happens only on thinkpads, on other computers the vpn- connection can be established with the same configuration. As i see the problem more on the system side i already made a ticket at lenovo, but maybe some people got an idea where to search.
I already saw and checked the thread with ProhibitIpSec=1.
The request reaches the firewall, the firewall replies, but the connection can't finish phase 1. It looks like the reply of the remote vpn server isn't received by the client. For example the own vpn cookie is availlable while the remote cookie stays empty (in the connection monitor detail view).
I guess some kind of service blocks the answer.
SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
message not received! Retransmitting!
T61, Windows XP Pro, SP2, latest lenovo software update, Norton Internet Security, Netscreen SafeNet SoftRemote 10.7.7 (build 6) including the firewall, Cisco Systems VPN Dialer.
I uninstalled the tvtpktfilter to install the netscreen vpn client.
While my tests i disabled
I altered the VPN server settings as well. While testing the T61 my reference system was able to connect all the time.
Any hints are welcome, thanks a lot!
Solved! Go to Solution.
03-05-2008 05:55 PM
Are there any other devices between your Thinkpad and the firewall? Also the reference system you speak of, is it also on the same network as the Thinkpad? If so then likely the Thinkpad itself may be denying the UDP 500 packet. I would consider running a sniffer like Wireshark on your Thinkpad and confirm that UDP 500 packets are going out and that you also see the replies. If you do not see any reply, then try sniffing external to the laptop. If you have a hub (not a switch) you can plug it inline between the Thinkpad the router upstream to the firewall and then use another PC with Wireshark to confirm beyond a doubt that the packets are on the wire.
You mention that you disabled some applications. Have you also confirmed Windows firewall is disabled? Have you tried completely uninstalling the applications you mentioned as opposed to simply disabling them? You may also want to run an application called Belarc Advisor (www.belarc.com) to scan your system for all installed applications in case you missed something.
Hope this helps.
03-06-2008 05:27 AM
Thanks for all answers.
Updating to a newer client version is an option i'd like to use as latest one as there were enough problems with installing this one due to the tvtpktfilter on the thinkpad.
The reference system is in the same network, the windows firewall is active and a personal firewall as well. The included firewall on the juniper vpn client is disabled.
I guess the packets are going out, the event log of the ssg20 are showing them. But the replies aren't reaching the vpn client.
I'll do the tests with the wireshark.
I disabled all firewalls and functions (including windows firewall) i were able to find. I avoided uninstalling software bz try-and-error, because i need to find the cause of the problem. Maybe Belarc Advisor will help me.
03-07-2008 07:34 PM