Question : SSG VPN dailup setup (Shrew VPN Client) , hitting a brick wall.

I thought I had solved this issue, but I am hitting a brick wall.
I’ve been “trial and erroring” for weeks now!

What I am trying to implement is:

-Dailup VPN for remote users with Shrew VPN Client. (say 4 remote users) for all Services with just a pre shared key.
-Dailup VPN for remote users with Shrew VPN Client just for the RDP protocol with just a pre shared key. (who just login and connect to their own desktops)

This will be divided up into 2 dailin groups.

I am trying to get the first group going, but constantly the settings are not correct.
The main error message I get is (something about SA not available) (if I looking to the debug ike detail logs)
I think its not even hitting the policies.
I followed the following guide by the letter, and the connection still doesn’t come up. ¿ www.shrew.net/support/wiki/HowtoJuniperSsg

It bounces at the IKE phase 2 negotiations when I have x-auth enabled. (which isn’t something I want, but just wanted to get “a connection” working.

The problem is that I can only test within the live environment, as I only have one internet connection at work. (use my iphone for tethering to simulate a external connection when I try to connect to the VPN SSG)

Also that I am on a deadline from the management, which is highly shitty, as I can only test when all users went home. (deadline is end of this week!) :(
As I am testing on the main connection, the remote users cant login to the current VPN router. (the one that is going to replaced.)

I have the feeling I am missing something, or a policy.

Does anyone know a good way of a testing environment as well? As I am aware of the fact that these test are not best practice. :(

Included is the masked config file. (I know there are pieces left from the xauth setup, please comment on anything that can be trashed, and not just the xauth)

Please release my from this terror and tell me what I am doing wrong!

Attachments:

ee.txt (8 KB) (File Type Details)

ssg5 config

Related Solutions: VPN configuration Juniper VPN/Firewall SSG5, routes & configuration.

Answer : SSG VPN dailup setup (Shrew VPN Client) , hitting a brick wall.

should be:
unset address "Trust" "192.168.0.0/24" 192.168.0.0 255.255.255.0
set address "Trust" "192.168.100.0/24" 192.168.100.0 255.255.255.0

unset policy id 7

set policy id 7 name "VPN_Client_Inbound" from "Untrust" to "Trust" "Dial-Up VPN" "192.168.100.0/24" "ANY" tunnel vpn "VPN_Client_Tunnel" id 0x3 log

set policy id 7

set log session-init

Billy

Random Solutions

C++ Assigne multi word input into single string fiield

A potentially dangerous Request.Form value was detected from the client ...

SharePoint-sending email

Filter Hidden from Address list, Account disabled and forwarding is disabled

Count rows - distinct

Connecting two subnets on a cisco switch

IP Fax and Cisco UCM 8

SQL - Simple Select Statement Returns Error "Conversion of nvarchar value overflowed an int column"

BSOD 0x0000007B during Windows 2003 installation on Dell PowerEdge 2970 server

Different between HP BladeSystem, ProLaint DL and ProLiant ML server