I'm new to Juniper and have a question regarding XAUTH / IPSEC / VPN
I setup our SSG5 using the following instruction found
here: http://www.shrew.net/support/wiki/HowtoJuniperSsg
This works fine; I can build the connection /Tunnel and can access alle resources on our internal network.
The problem is, if a co-worker also try to connect using VPN client, my connection will be closed and he will connect!
How can I make the SSG5 allows concurrent VPN connections?
Thanks
Regards
Bernd
here is a snipped from the log:
2012-06-26 15:23:09 info IKE 95.112.29.114 Phase 1: Retransmission limit has been reached.
2012-06-26 15:22:29 info IKE 88.66.105.91 Phase 2 msg ID 92925c2a: Completed negotiations with SPI 2e8ad002, tunnel ID 32783, and lifetime 3600 seconds/0 KB.
2012-06-26 15:22:29 info IKE 88.66.105.91 Phase 2 msg ID 92925c2a: Responded to the peer's first message.
2012-06-26 15:22:20 info IKE 88.66.105.91: XAuth login was passed for gateway vpnclient_gateway, username CCCC, retry: 0, Client IP Addr 192.168.5.100, IPPool name: VPN-Pool, Session-Timeout: 0s, Idle-Timeout: 0s.
2012-06-26 15:22:20 info IKE88.66.105.91: XAuth login was terminated because the user logged in again. Previous gateway: 95.112.29.114. Username: AAAA at 192.168.5.100/255.255.255.255.
2012-06-26 15:22:20 info Rejected an IKE packet on ethernet0/0 from 88.66.105.91:4500 to 79.224.229.134:4500 with cookies 7e053b2fca8eaad5 and 476308df1d9caa3f because A Phase 2 packet arrived while XAuth was still pending.
2012-06-26 15:22:20 info IKE 88.66.105.91 Phase 1: Completed Aggressive mode negotiations with a 28800-second lifetime.
2012-06-26 15:22:20 info IKE 88.66.105.91 Phase 1: Completed for user vpnclient_ph1id.
2012-06-26 15:22:20 info IKE<88.66.105.91> Phase 1: IKE responder has detected NAT in front of the remote device.
2012-06-26 15:22:20 info IKE<88.66.105.91> Phase 1: IKE responder has detected NAT in front of the local device.
2012-06-26 15:22:20 info IKE 88.66.105.91 Phase 1: Responder starts AGGRESSIVE mode negotiations.
2012-06-26 15:21:08 info IKE 95.112.29.114 Phase 2 msg ID 3e37622f: Completed negotiations with SPI 2e8ad001, tunnel ID 32782, and lifetime 3600 seconds/0 KB.
2012-06-26 15:21:08 info IKE 95.112.29.114 Phase 2 msg ID 3e37622f: Responded to the peer's first message.
2012-06-26 15:21:05 info IKE 95.112.29.114: XAuth login was passed for gateway vpnclient_gateway, username AAAAA, retry: 0, Client IP Addr 192.168.5.100, IPPool name: VPN-Pool, Session-Timeout: 0s, Idle-Timeout: 0s.
2012-06-26 15:21:05 info IKE95.112.29.114: XAuth login was terminated because the user logged in again. Previous gateway: 95.113.186.169. Username: BBBBB at 192.168.5.100/255.255.255.255.
2012-06-26 15:21:04 info Rejected an IKE packet on ethernet0/0 from 95.112.29.114:4500 to 79.224.229.134:4500 with cookies 3e49afccbec48be1 and f204e9659eb85200 because A Phase 2 packet arrived while XAuth was still pending.
2012-06-26 15:21:04 info IKE 95.112.29.114 Phase 1: Completed Aggressive mode negotiations with a 28800-second lifetime.
2012-06-26 15:21:04 info IKE 95.112.29.114 Phase 1: Completed for user vpnclient_ph1id.
2012-06-26 15:21:04 info IKE<95.112.29.114> Phase 1: IKE responder has detected NAT in front of the remote device.
2012-06-26 15:21:04 info IKE<95.112.29.114> Phase 1: IKE responder has detected NAT in front of the local device.