Shrew VPN 64 bit client will not connect to SSG20 Phase2 fails Xauth

I have read the posts, tried the various things... and nothing. I keep getting a connected status on the client, but when I look at the logs on my SSG, I'm failing on phase 2, so I cannot pass any traffic on the VPN. I originally had the 2.1.5 release on, but read that the new beta might work, so now I have 2.1.6beta 7.

This is a copy of the connection...changed my public IP I'm trying to connect to...but am currently coming from a Panera - so the starting destination was left.

The IP pool is only a bit off on the subnet, as I saw that was one of the things to change. I usually am on 10, but put the Shrew on 15. Now... I believe I'm configured for 192.168.0.0 to all be internal, so maybe that is acting as internal? I do not use any IP pools for my existing WinXP Juniper VPN connections.

2010-04-23 09:41:52      info      IKE<64.241.37.140>: XAuth login was passed for gateway <vpnshrew5_gw>, username <joann>, retry: 0, Client IP Addr<192.168.15.210>, IPPool name:<vpnshrew>, Session-Timeout:<0s>, Idle-Timeout:<0s>.
2010-04-23 09:41:52      info      IKE<64.241.37.140>: XAuth login was refreshed for username <joann> at <192.168.15.210/255.255.255.255>.
2010-04-23 09:41:52      info      Rejected an IKE packet on ethernet0/0 from 64.241.37.140:17541 to 68.143.xx.xxx:4500 with cookies ffacbbaab3ac0067 and a3aa5ee40c92c0b7 because a Phase 2 packet arrived while XAuth was still pending.
2010-04-23 09:41:52      info      IKE<64.241.37.140> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime.
2010-04-23 09:41:52      info      IKE<64.241.37.140> Phase 1: Completed for user <vpnshrew_5>.
2010-04-23 09:41:52      info      IKE<64.241.37.140> Phase 1: IKE responder has detected NAT in front of the remote device.
2010-04-23 09:41:52      info      IKE<64.241.37.140> Phase 1: IKE responder has detected NAT in front of the local device.
2010-04-23 09:41:52      info      IKE<64.241.37.140> Phase 1: Responder starts AGGRESSIVE mode negotiations.

Routes/switches/firewalls are not my speciality, so I really could use some help. I need to get this connected, as I have a new program coming in house that will require this for a few of my remote workers.
jenit Asked:

Qlemo, "Batchelor", Developer and EE Topic Advisor, Commented:
Is that all you get from your log? I cannot see any Phase 2 trials.
jenit (Author) Commented:
I did not see anything more at the time and my logs do not keep that much before clearing.  I had to come back in office - so since I'm on the same subnet - cannot test until later.  I will let you know as soon as I look at it again.
jenit (Author) Commented:
I double checked and that is all I get from the Juniper side. I tried to connect to an RDP session as well as an internal Citrix connection, and there is no record of the traffic hitting the Juniper to even be denied. I also cannot seem to get the logs running from the Shrew. I did read to launch from a right click and run as administrator, but this does not help. I never get an option to start the logs.
jenit (Author) Commented:
I did figure this out on my own... the documentation from Shrew referencing the configuration with the Juniper SSG has the phase 2 documentation going to nopfs... by making this g2 it is working for data traffic. VOIP traffic I'm still having problems with, but will post as a new question.
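
An added example, not part of the original thread or of either vendor's tooling: a short Python triage of the SSG event lines quoted in the question, which reorders them oldest-first and reports how far the IKE negotiation got for each peer. The sample lines are abridged from the question, and the Phase 2 completion pattern is an assumption because no such line appears on the page.

```python
import re
from collections import defaultdict

# Abridged from the SSG log in the question (ScreenOS lists newest first).
SAMPLE = """\
2010-04-23 09:41:52 info IKE<64.241.37.140>: XAuth login was passed for gateway <vpnshrew5_gw>, username <joann>, retry: 0
2010-04-23 09:41:52 info Rejected an IKE packet on ethernet0/0 from 64.241.37.140:17541 to 68.143.xx.xxx:4500 because a Phase 2 packet arrived while XAuth was still pending.
2010-04-23 09:41:52 info IKE<64.241.37.140> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime.
2010-04-23 09:41:52 info IKE<64.241.37.140> Phase 1: Responder starts AGGRESSIVE mode negotiations.
"""

STAGES = [
    ("p1_start", re.compile(r"IKE<(?P<peer>[\d.]+)> Phase 1: Responder starts")),
    ("p1_done", re.compile(r"IKE<(?P<peer>[\d.]+)> Phase 1: Completed \w+ mode")),
    ("p2_early", re.compile(r"from (?P<peer>[\d.]+):\d+ .*Phase 2 packet arrived while XAuth")),
    ("xauth_ok", re.compile(r"IKE<(?P<peer>[\d.]+)>: XAuth login was passed")),
    # Assumed wording: the page contains no Phase 2 completion line.
    ("p2_done", re.compile(r"IKE<(?P<peer>[\d.]+)> Phase 2.*Completed negotiations")),
]

def stages_by_peer(log_text):
    """Return {peer_ip: [stage, ...]} in chronological (oldest first) order."""
    seen = defaultdict(list)
    for line in reversed(log_text.strip().splitlines()):  # input is newest first
        for name, rx in STAGES:
            m = rx.search(line)
            if m:
                seen[m.group("peer")].append(name)
                break
    return dict(seen)

def verdict(stages):
    """Name the furthest point the negotiation reached."""
    if "p2_done" in stages:
        return "tunnel up"
    if "xauth_ok" in stages:
        # Matches this thread: Phase 1 and XAuth pass, no Phase 2 SA follows.
        return "stalled after XAuth: compare Phase 2 proposals (PFS group) on both ends"
    if "p1_done" in stages:
        return "stalled in XAuth"
    return "Phase 1 incomplete"

if __name__ == "__main__":
    for peer, stages in stages_by_peer(SAMPLE).items():
        print(peer, stages, "->", verdict(stages))
```
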
