Question : SSG VPN dailup setup (Shrew VPN Client) , hitting a brick wall.

I thought I had solved this issue, but I am hitting a brick wall.
I’ve been “trial and erroring” for weeks now!

What I am trying to implement is:

-Dailup VPN for remote users with Shrew VPN Client. (say 4 remote users) for all Services with just a pre shared key.
-Dailup VPN for remote users with Shrew VPN Client just for the RDP protocol with just a pre shared key. (who just login and connect to their own desktops)

This will be divided up into 2 dailin groups.

I am trying to get the first group going, but constantly the settings are not correct.
The main error message I get is (something about  SA not available) (if I looking to the debug ike detail logs)
I think its not even hitting the policies.
I followed the following guide by the letter, and the connection still doesn’t come up. ¿ www.shrew.net/support/wiki/HowtoJuniperSsg

It bounces at the IKE phase 2 negotiations when I have x-auth enabled. (which isn’t something I want, but just wanted to get “a connection” working.

The problem is that I can only test within the live environment, as I only have one internet connection at work. (use my iphone for tethering to simulate a external connection when I try to connect to the VPN SSG)

Also that I am on a deadline from the management, which is highly shitty, as I can only test when all users went home. (deadline is end of this week!) :(
As I am testing on the main connection, the remote users cant login to the current VPN router. (the one that is going to replaced.)

I have the feeling I am missing something, or a policy.

Does anyone know a good way of a testing environment as well? As I am aware of the fact that these test are not best practice. :(

Included is the masked config file. (I know there are pieces left from the xauth setup, please comment on anything that can be trashed, and not just the xauth)

Please release my from this terror and tell me what I am doing wrong!

Attachments:
 
ssg5 config
 

Answer : SSG VPN dailup setup (Shrew VPN Client) , hitting a brick wall.

should be:
unset address "Trust" "192.168.0.0/24" 192.168.0.0 255.255.255.0
set address "Trust" "192.168.100.0/24" 192.168.100.0 255.255.255.0

unset policy id 7

set policy id 7 name "VPN_Client_Inbound" from "Untrust" to "Trust"  "Dial-Up VPN" "192.168.100.0/24" "ANY" tunnel vpn "VPN_Client_Tunnel" id 0x3 log

set policy id 7

set log session-init


Billy
Random Solutions  
 
programming4us programming4us