andysussman44

asked on

Juniper SSG5 Shrew 2.1.6 Windows 7 64 bit and Verizon or ATT cellular wireless cards

Hi,
I have several setups with the Juniper SSG5 with 6.1 to 6.3 ScreenOS on them. Clients with Windows XP / Windows Vista 32 / Windows 7 32 and 64 are running the Shrew VPN client 2.1.5 and 2.1.6 (testing 2.1.6). It works very well except that I am having problems with some of the latest systems that are running Windows 7 64 bit. These clients can connect to the SSG5 no problem with their wired Ethernet card, standard wireless Ethernet card, USB wireless card, etc. What I can't get to work is a Verizon cellular wireless or AT&T cellular wireless card. These same cards with the same policy will work on a Windows 7 32 system, so it does not seem to be the carrier. The Shrew client looks like it connects successfully and says the tunnel is up, but I can't get any traffic through, and if you look in the log on the Juniper I am getting:
Rejected an IKE packet on ethernet0/0 from 166.217.xx.xx:4500 to 207.180.xx.xx:4500 with cookies c6b7e7xx6a410xxx and 4b4b36xx693dxxx because There were no acceptable Phase 2 proposals..
Anybody else run into this?

Allvirtual

Don't use Shrew. Use the officially supported client from NCP: http://www.ncp-e.com. It works.
Qlemo
Bad advice to buy software you can get for free. The Juniper Edition is at $100, the (non-proprietary) Entry Level a few dollars more.

I have heard of similar issues regarding AT&T WLAN from other users of Shrew. I would try the current dev release 2.1.7-beta-1, which has some stability issues resolved. If that does not help, use the trace tool on Shrew to get some details about what is exchanged (or debug on the SSG).
It comes with many interesting features plus a much more professional design. As a highly paid consultant I am looking for professional design, look & feel. Plus the good old-fashioned customer service they offer is alone worth the price. I even argue it's cheap. One of my customers once called them and they spent an hour on the phone configuring his gateway, which was not even Client related! And he had not even purchased the license yet; he was still evaluating. They don't ask for your Serial Number or give you headaches or red tape like other companies. You can't even talk to the janitor in most places without a paid support contract, and when you finally talk to someone they either have no clue what they are talking about or they are some "gurus" in India or somewhere else in Asia that either don't understand you or you don't understand them. With NCP you talk to an educated, intelligent engineer, and many of their folks, as it appears, speak several languages fluently. Plus they know their stuff. Also I had at least 2-3 customers that somewhat get aggressive when I talk about Shrew - tried it and ain't worth it is what they would tell me. Crashes, blue screens, trashed operating systems, you name it. Well, you get what you pay for is all I say. There must be a reason why thousands of people pay the price for this software. And also my time is valuable. So I guess you are either unemployed or charge cheap rates so you can tinker all day. My customers don't have time for this nonsense. I charge $300+ per hour so if I pick up the phone to call NCP they resolve my issues typically within minutes. Just that alone pays for itself. Following Qlemo logic you should not buy Windows because it costs money. Just run Linux and be happy. Right 8)
So before you listen to those nerds here on the board think twice and act once. Cheers.
andysussman44

ASKER

Allvirtual,
I will look into the client you recommended, but if it is $100 a user then that is going to be an issue, as I would have to buy at least 30 clients at this point.
Qlemo, I am trying the 2.1.7 client today; I'll post my results later.
Thanks for the help!
Andy
The client pricing, from what I understand, is an individual license. You should get a substantial discount when you purchase several licenses.
Also it seems to me you want to look at the Enterprise client which is a managed product. This client will pay for itself over time just by being able to manage and control your VPN environment. I'd give them (NCP) a call. The phone number should be on the web site. Talk to them and see what they say. They are nice people to deal with.
The one I was testing on had to go away this week, so I hope to have it next week
Thanks!
ASKER CERTIFIED SOLUTION
woodall01

This solution is only available to members.
Woodall01,
Did you set it up on a Windows 7 64 bit machine? That's where I run into issues with both AT&T & Verizon 3G wireless cards. I have several machines that will connect no problem with Shrew through a wired or wireless network card, but will not connect through the 3G card. Take the 3G card, put it into an XP machine or Windows 7 32 bit, and there is no issue.
 
I am running x64 with a wireless hotspot. I will get one of my employees' cards and try it in the next day or two and let you know. It might be a timing thing; Shrew is a little fast on the whole auth thing.
Woodall01
Did you ever try it with the AT&T or Verizon card? I am thinking I am just going to have to wait or find another solution with this configuration, which is a bummer.

Thanks!
Andy
It works with my Sprint Card.  It's slow but it works.  
woodall01 argued: "BTW to "AllVirtual", a good engineer will figure out the hard stuff, that's how you learn. Also, if I was going to connect more than 25 people then using NCP, I would opt for an SA700 or just set up an IPSEC VPN using Windows 7 and SSL."

1. Not everyone is an engineer
2. Smart designed software must not be hard but I understand that engineers would like it that way cause they need to validate all the time and effort they put in their education.
3. SSL VPN is much less performant - as an engineer you should know that but then again most "engineers" have no cloud. Seems you drank the SSL Kool-Aid as well like everyone else. Cheers.