I have setup a dial-up VPN gateway in our SSG140 per several guides I found online. The VPN works fine with Netscreen Remote software on Windows XP. But on the Windows 7 Shrew client, I am unable to connect. The client seems to say that everything connects properly, however the second screenshot shows 0 established security connections. I have also attached a selection from the Netscreen event log where it seems to stop when it rejects a packet..."because A Phase 2 packet arrived while XAuth was still pending." I have tried tweaking the firewall, the Shrew connection options, starting over from scratch, all to no avail. Any ideas on some settings I may be missing or other things to try?
I also verified the Shrew client works on a Vista machine at a different site.
Juniper would not support it any further because the Netscreen Remote software connected just fine.
2010-04-07 11:26:05 info IKE 99.xx.xxx.xxx: XAuth login was passed for gateway GWIVPN_Gateway, username gwiuser, retry: 0, Client IP Addr 10.2.2.3, IPPool name: GWI_VPN_Client, Session-Timeout: 0s, Idle-Timeout: 0s.
2010-04-07 11:26:05 info IKE 99.xxx.xxx.xxx: XAuth login was refreshed for username gwiuser at 10.2.2.3/255.255.255.255.
2010-04-07 11:26:05 info Rejected an IKE packet on ethernet0/2 from xxx.xxx.xxx.xxx:4500 to 69.xxx.xxx.xxx:4500 with cookies 8636e1f5900cdd8d and 6a7f5f6f0f56c688 because A Phase 2 packet arrived while XAuth was still pending.
2010-04-07 11:26:05 info IKE 99.xxx.xxx.xxx Phase 1: Completed Aggressive mode negotiations with a 28800-second lifetime.
2010-04-07 11:26:05 info IKE 99.xxx.xxx.xxx Phase 1: Completed for user GWIVPN.
2010-04-07 11:26:05 info IKE<99.xxx.xxx.xxx> Phase 1: IKE responder has detected NAT in front of the remote device.
2010-04-07 11:26:05 info IKE<99.xxx.xxx.xxx> Phase 1: IKE responder has detected NAT in front of the local device.
2010-04-07 11:26:05 info IKE 99.xxx.xxx.xxx Phase 1: Responder starts AGGRESSIVE mode negotiations.