No VPN Traffic Flows for 3 Minutes after Phase 2 ReKey
I have a couple of small business customers that are still using NS5GTs. One of them has an Office in CA and another Office in Florida. Both Offices have a static public IP and an NS5GT with a...
Connect 2 Juniper SSG5 one after the other
Hello, I apologize first for my English. It is not my language. I want to set up a network in my office as follows: A fiber router connected to the Internet, connected to this router I have a Juniper...
Re: Connect 2 Juniper SSG5 one after the other
Hi, I understand that access from 192.168.1.0/24 to 192.168.100.0/24 is fine, however the other way access is not working. Please check to which zone these ports belong to, on each firewall. And then check...
Re: No VPN Traffic Flows for 3 Minutes after Phase 2 ReKey
Hi, 1: What do you see in the SA "get sa" & "get sa id <ID from previous output in hex, e.g. 0X1>", during the issue state. 2: Do you see anything in the get event or any bad spi error etc...
Re: Connect 2 Juniper SSG5 one after the other
Hi, the communication from 192.168.100.1/24 to 192.168.1.1/24 is fine. However from 192.168.1.1/24 to 192.168.100.1/24 it does not work. Thank you. Angel
Re: Connect 2 Juniper SSG5 one after the other
Either case, first you need to have 2 policies on both the devices to allow any new session. If policies are in place then reproduce the issue and then take the "debug flow basic" with specific IP...
Re: Connect 2 Juniper SSG5 one after the other
Thanks for the clear diagram. 1- You need a policy on SSG 192.168.100.0/24 untrust (eth0/0 if default) to Trust (bgroup0 if default) to allow the inbound traffic. If you have the default nat policy in...
Re: No VPN Traffic Flows for 3 Minutes after Phase 2 ReKey
There are no errors or anything else suspicious in the event log during the time traffic is not flowing. According to the event log, the VPN looks like it should be working perfectly. Here is the SA...
Re: No VPN Traffic Flows for 3 Minutes after Phase 2 ReKey
Hi, It's strange that "get event" doesn't give any information. From the SA output I see one device has the backup incoming SPI "life 86400 sec, 1141 remain," however another device doesn't have backup...
Re: No VPN Traffic Flows for 3 Minutes after Phase 2 ReKey
Both NS5GT's are running 5.0.0r11.1. The IKE parameters look like they are default: Florida 10.0.1.1 ns5gtFL-> get ike soft-lifetime-buffer IPsec Soft Lifetime Buffer is 10 seconds ns5gtFL-> get ike...
Routing to trusted subnet
Dear Community, I hope you can give a little help. We inherited a network with an old SSG 5 (will be replaced in some weeks). This SSG 5 is connected to LAN (via bridge0) and WAN. A primary...
Re: Routing to trusted subnet
The issue is probably because of asymmetrical routing. The SSG firewall wants to see the full bidirectional flow of the traffic. The outbound traffic goes to the SSG because it is the default...
SSG5 no VPN connection possible
Hello, I have been trying to establish a vpn tunnel with my ssg5 device by means of Shrew Soft app. I followed this tutorial: https://www.shrew.net/support/Howto_Juniper_SSG I cannot tell how many times...
Re: SSG5 no VPN connection possible
For the dial up vpn walk through the steps in this kb article https://kb.juniper.net/InfoCenter/index?page=content&id=KB9452 To enable ssh on the SSG5 go to configuration > Admin >...
Re: SSG5 no VPN connection possible
Thank you for the answers, but: 1. The link provided is for the Netscreen software, which is unavailable for download anywhere. And I never mentioned I am using it. 2. The ssh is already enabled in the...
Re: SSG5 no VPN connection possible
Retransmit limit reached: typically means the Firewall did not receive any further response from Shrew. Some basic checks you can perform: - Is the host firewall disabled on the client machine? Try if...
Re: SSG5 no VPN connection possible
For any in-depth troubleshooting on the SSG, you will need CLI access. - check if telnet works - from the UI, go to network > interfaces > edit the interface you would like to access and ensure...
Re: SSG5 no VPN connection possible
Dear Gokul, At the moment I enabled everything. The only things that work are ping and webgui. Both telnet and ssh are enabled there. Still no ssh.
Re: SSG5 no VPN connection possible
And here is what logs say from the client side: 19/03/19 12:17:04 ## : IKE Daemon, ver 2.2.2 19/03/19 12:17:04 ## : Copyright 2013 Shrew Soft Inc. 19/03/19 12:17:04 ## : This product linked OpenSSL 1.0.1c...
Re: SSG5 no VPN connection possible
OK, so the client sent 1st message and is waiting for the 2nd message from SSG. SSG has sent 2nd message and waiting for 3rd message from client. Is it possible to go for Wireshark capture on the client...