The client will successfully rekey with the firewall then (both phase 1 and phase 2).

I then reversed the values and made the phase 2 rekey 60 seconds and phase 1 rekey 180 seconds on the ShrewSoft client (and set the firewall's rekey times to 300 seconds).

I see this type of message in the firewall audit:

AGGRESSIVE_MODE exchange terminated - AGGRESSIVE_MODE negotiation timed out (retransmission threshold reached)

The firewall then deletes the phase 1 association because the ShrewSoft client does not respond to its rekey attempts. It's like the ShrewSoft client loses its phase 1 configuration or something.

In tcpdumps I can see the firewall sending four port 500, phase 1 packets to the ShrewSoft client, with no response.

Ike packet from 192.168.15.8 ignored, contact is denied for peer

On the ShrewSoft client I set each to 300 seconds (so the firewall rekeys first).

After 60 seconds the firewall and ShrewSoft client rekey phase 2 successfully.

After 180 seconds the firewall tries to rekey phase 1 but the ShrewSoft client does not allow it for some reason.

I set the phase 2 rekey time to 60 seconds and phase 1 rekey time to 180 seconds on the firewall.

List: shrew-vpn-help
Subject: vpn-help Issues connecting to company VPN using a 'Pocket WiFi - LTE' access point