netscreen Vpn


netscreen Vpn

by M.Mihailidis

Hello, I'm trying to set up an IPsec VPN with a 5GT using the Shrew Soft VPN Client from my PC.

I have set up the 5GT correctly, and during the dial I get the message:

KE<85.72.37.175>: XAuth login expired and was terminated for username <supportMM> at <10.32.32.10>.
2008-05-14 16:16:49 info IKE<xx.xx.xx.xx>: XAuth login was aborted for gateway <IKEGW>, username <supportMM>, retry: 0.
2008-05-14 16:16:49 info Rejected an IKE packet on ethernet3 from xx.xx.xx.xx:500 to xx.xx.xx.xx:500 with cookies 4c7bc23a9116366a and ab93bf2f02c0f461 because a Phase 2 packet arrived while XAuth was still pending.
2008-05-14 16:16:49 info IKE<85.72.37.175> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime.
2008-05-14 16:16:49 info IKE<xx.xx.xx.xx> Phase 1: Completed for user <supportMM>.
2008-05-14 16:16:49 info IKE<xx.xx.xx.xx> Phase 1: Responder starts AGGRESSIVE mode negotiations.

Does anyone know why this is?

Thank you

 


_______________________________________________
nn mailing list
nn@...
http://www.compsoc.com/cgi-bin/mailman/listinfo/nn

Re: [j-nsp] netscreen Vpn

by Stefan Fouant

IIRC, XAuth has to take place *after* Phase 1 establishment but *prior
to* Phase 2 negotiations.  Therefore I believe you are seeing this
message because the XAuth authentication needs to be completed before
Phase 2 can begin.

If you only saw the error once it just means the XAuth packet wasn't
received.  However, if it's happening consistently it probably
indicates a compatibility issue with the Shrew Soft VPN client and the
5GT.  Perhaps the Shrew Soft VPN client doesn't conform strictly to
(or is interpreting differently) the behavior as defined in the IKE
RFC (RFC 2409).

Try a different VPN client, perhaps the NS-Remote client and see if
you get a different result.

Cheers,

Stefan Fouant

On Wed, May 14, 2008 at 9:12 AM, M.Mihailidis <mixalism@...> wrote:

> Hello, I'm trying to set up an IPsec VPN with a 5GT using the Shrew Soft VPN Client from my PC.
>
> I have set up the 5GT correctly, and during the dial I get the message:
>
> KE<85.72.37.175>: XAuth login expired and was terminated for username <supportMM> at <10.32.32.10>.
> 2008-05-14 16:16:49 info IKE<xx.xx.xx.xx>: XAuth login was aborted for gateway <IKEGW>, username <supportMM>, retry: 0.
> 2008-05-14 16:16:49 info Rejected an IKE packet on ethernet3 from xx.xx.xx.xx:500 to xx.xx.xx.xx:500 with cookies 4c7bc23a9116366a and ab93bf2f02c0f461 because a Phase 2 packet arrived while XAuth was still pending.
> 2008-05-14 16:16:49 info IKE<85.72.37.175> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime.
> 2008-05-14 16:16:49 info IKE<xx.xx.xx.xx> Phase 1: Completed for user <supportMM>.
> 2008-05-14 16:16:49 info IKE<xx.xx.xx.xx> Phase 1: Responder starts AGGRESSIVE mode negotiations.
>
> Does anyone know why this is?
>
> Thank you
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@...
> https://puck.nether.net/mailman/listinfo/juniper-nsp
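
A small log check for the ordering described in the reply above, as an added example that is not part of the original thread: it reads event lines in the format quoted in the post (newest entry first) and separates a client that sent Phase 2 before XAuth finished from other XAuth failures. The sample lines, addresses, user names, gateway name and finding labels are constructed for illustration.

```python
import re

# Constructed sample modeled on the log format quoted in the thread
# (newest entry first, as in the post); addresses are documentation IPs.
SAMPLE = """\
2008-05-14 16:17:49 info IKE<192.0.2.10>: XAuth login expired and was terminated for username <alice> at <10.0.0.10>.
2008-05-14 16:16:49 info IKE<192.0.2.10>: XAuth login was aborted for gateway <GW1>, username <alice>, retry: 0.
2008-05-14 16:16:49 info Rejected an IKE packet on ethernet3 from 192.0.2.10:500 to 198.51.100.1:500 with cookies 1111111111111111 and 2222222222222222 because a Phase 2 packet arrived while XAuth was still pending.
2008-05-14 16:16:49 info IKE<192.0.2.10> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime.
2008-05-14 16:16:49 info IKE<192.0.2.10> Phase 1: Responder starts AGGRESSIVE mode negotiations.
2008-05-14 16:10:02 info IKE<192.0.2.77> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime.
2008-05-14 16:05:30 info IKE<192.0.2.50>: XAuth login was aborted for gateway <GW1>, username <bob>, retry: 0.
2008-05-14 16:05:00 info IKE<192.0.2.50> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime.
"""

EVENTS = [  # (event name, pattern) for the message texts quoted in the thread
    ("p1_done", re.compile(r"Phase 1: Completed .* mode negotiations")),
    ("p2_early", re.compile(r"Phase 2 packet arrived while XAuth was still pending")),
    ("xauth_fail", re.compile(r"XAuth login (was aborted|expired)")),
]
PEER = re.compile(r"IKE<([\d.]+)>|from ([\d.]+):\d+")

def parse(log_text):
    """Yield (peer, event) oldest-first; the input is assumed newest-first."""
    for line in reversed(log_text.strip().splitlines()):
        m = PEER.search(line)
        if not m:
            continue
        peer = m.group(1) or m.group(2)
        for name, pat in EVENTS:
            if pat.search(line):
                yield peer, name
                break

def diagnose(log_text):
    """Return {peer: finding} for peers whose XAuth step failed after Phase 1."""
    state, early, findings = {}, set(), {}
    for peer, event in parse(log_text):
        if event == "p1_done":
            state[peer] = "after_phase1"   # Phase 1 up, XAuth may follow
            early.discard(peer)
        elif event == "p2_early" and state.get(peer) == "after_phase1":
            early.add(peer)                # client skipped ahead to Phase 2
        elif event == "xauth_fail" and state.get(peer) == "after_phase1":
            findings[peer] = ("phase2_before_xauth" if peer in early
                              else "xauth_failed_other")
            state[peer] = "failed"         # later expiry lines add nothing new
    return findings
```

A peer that keeps landing in `phase2_before_xauth` across attempts matches the "happening consistently" case in the reply, which points at client behaviour rather than a lost packet.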

Re: [j-nsp] netscreen Vpn

by M.Mihailidis

Is there another free VPN client that I can use other than NetScreen Remote?

-----Original Message-----
From: Stefan Fouant [mailto:sfouant@...]
Sent: Wednesday, May 14, 2008 5:34 PM
To: M.Mihailidis
Cc: Juniper-Nsp; nn@...
Subject: Re: [j-nsp] netscreen Vpn

IIRC, XAuth has to take place *after* Phase 1 establishment but *prior
to* Phase 2 negotiations.  Therefore I believe you are seeing this
message because the XAuth authentication needs to be completed before
Phase 2 can begin.

If you only saw the error once it just means the XAuth packet wasn't
received.  However, if it's happening consistently it probably
indicates a compatibility issue with the Shrew Soft VPN client and the
5GT.  Perhaps the Shrew Soft VPN client doesn't conform strictly to
(or is interpreting differently) the behavior as defined in the IKE
RFC (RFC 2409).

Try a different VPN client, perhaps the NS-Remote client and see if
you get a different result.

Cheers,

Stefan Fouant


Re: [j-nsp] netscreen Vpn

by Greg Conroy

Possibly you can set up a preshared key and identity (such as an email
address) instead of XAuth; most third-party VPN clients can handle a
preshared key.


Greg

Stefan Fouant wrote:

> IIRC, XAuth has to take place *after* Phase 1 establishment but *prior
> to* Phase 2 negotiations.  Therefore I believe you are seeing this
> message because the XAuth authentication needs to be completed before
> Phase 2 can begin.
>
> If you only saw the error once it just means the XAuth packet wasn't
> received.  However, if it's happening consistently it probably
> indicates a compatibility issue with the Shrew Soft VPN client and the
> 5GT.  Perhaps the Shrew Soft VPN client doesn't conform strictly to
> (or is interpreting differently) the behavior as defined in the IKE
> RFC (RFC 2409).
>
> Try a different VPN client, perhaps the NS-Remote client and see if
> you get a different result.
>
> Cheers,
>
> Stefan Fouant

Re: [j-nsp] netscreen Vpn

by Stefan Fouant

He may be trying to dynamically assign an IP address to the tunnel, in
which case he'll need to use XAuth or L2TP over IPSec.

But otherwise, I agree, if you can use local-id or an email address
for purposes of identity, there is not much benefit to using XAuth for
dialup VPNs and it certainly adds more complexity.

Stefan Fouant

On Wed, May 14, 2008 at 11:03 AM, Greg Conroy <gconroy@...> wrote:

> Possibly you can set up a preshared key and identity (such as email address)
> instead of an xauth, most third party VPN clients can handle a preshared
> key.
>
>
> Greg