Hi Guys,

I'm getting the same error when I try to set up a VPN connection to a 
customer's network.
The formats mentioned below don't work either :(.

Best regards,

Mark de Bruijne

From: [email protected] 
[mailto:[email protected]] On Behalf Of Shawn Edwards
Sent: Thursday, 11 February 2010 18:40
To: Garber, Kevin M.
Cc: [email protected]; [email protected]
Subject: Re: [vpn-help] Using Shrewsoft with IAS Radius + Cisco

I've tried this variation as well and I still get the exact same errors on the 
router and client.
Thanks,
Shawn Edwards
Sr. Network Analyst
Pathix ASP
A Division of Vector Aerospace Corporation
Ph: 709-724-8564
Fax: 709-724-8545
[email protected]

From: "Garber, Kevin M." <[email protected]>
To: "Shawn Edwards" <[email protected]>, <[email protected]>, <[email protected]>
Date: 02/11/2010 01:48 PM
Subject: RE: [vpn-help] Using Shrewsoft with IAS Radius + Cisco


________________________________



Shawn,

Are you using the format of [email protected]?   The format of domain\user 
does not work.

Kevin

From: [email protected] 
[mailto:[email protected]] On Behalf Of Shawn Edwards
Sent: Thursday, February 11, 2010 11:33 AM
To: [email protected]; [email protected]
Subject: Re: [vpn-help] Using Shrewsoft with IAS Radius + Cisco

We are using a Cisco ISR with Easy VPN Server to connect remote users to our 
network. We've been using it for quite some time with Cisco VPN Client but 
obviously need a 64 bit VPN Client. I came across shrewsoft VPN Client not too 
long ago, and would love if I could get this software working as it seems too 
good to be true. In any case, here's what we have:

Cisco ISR 2821 Running IPSEC VPN , doing radius authentication to a Windows 
Server 2003 Radius Server. Everything's configured properly as we use it 
successfully with the Cisco VPN Client.

I installed shrewsoft 2.1.5, and it successfully imported the existing Cisco 
PCF file we had. When I attempt to connect it asks me for username and password 
(no Domain field like Cisco VPN though). I enter the credentials of a user that 
has permissions to connect. Here is the output of shrewsoft:

config loaded for site 'MyCompany.pcf'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel ...
user authentication error
tunnel disabled
detached from key daemon

I did a Debug RADIUS on the cisco ISR and get the following:

*Feb 10 15:08:16 NST: ISAKMP:(0):Support for IKE Fragmentation not enabled
*Feb 10 15:08:16 NST: RADIUS/ENCODE(000064C7):Orig. component type = VPN_IPSEC
*Feb 10 15:08:16 NST: RADIUS:  AAA Unsupported Attr: interface         [175] 13
*Feb 10 15:08:16 NST: RADIUS:   31 39 32 2E 31 36 38 2E 32 35 32  [192.168.252]
*Feb 10 15:08:16 NST: RADIUS/ENCODE(000064C7): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
*Feb 10 15:08:16 NST: RADIUS(000064C7): Config NAS IP: removed-ip-address
*Feb 10 15:08:16 NST: RADIUS/ENCODE(000064C7): acct_session_id: 25799
*Feb 10 15:08:16 NST: RADIUS(000064C7): sending
*Feb 10 15:08:16 NST: RADIUS(000064C7): Send Access-Request to 192.168.32.2:1645 id 1645/5, len 161
*Feb 10 15:08:16 NST: RADIUS:  authenticator 97 70 52 F6 D5 AD D2 3F - 57 93 56 2F 79 6D C5 3F
*Feb 10 15:08:16 NST: RADIUS:  User-Name           [1]   9   "testinguser"
*Feb 10 15:08:16 NST: RADIUS:  Calling-Station-Id  [31]  17  "removed-ip-address"
*Feb 10 15:08:16 NST: RADIUS:  Vendor, Microsoft   [26]  24
*Feb 10 15:08:16 NST: RADIUS:   MS-CHAP-Challenge  [11]  18
*Feb 10 15:08:16 NST: RADIUS:   97 70 52 F6 D5 AD D2 3F 57 93 56 2F 79 6D C5 3F  [?pR?????W?V/ym??]
*Feb 10 15:08:16 NST: RADIUS:  Vendor, Microsoft   [26]  58
*Feb 10 15:08:16 NST: RADIUS:   MS-CHAP-V2-Response[25]  52  *
*Feb 10 15:08:16 NST: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
*Feb 10 15:08:16 NST: RADIUS:  NAS-Port            [5]   6   9
*Feb 10 15:08:16 NST: RADIUS:  NAS-Port-Id         [87]  15  "removed-ip-address"
*Feb 10 15:08:16 NST: RADIUS:  NAS-IP-Address      [4]   6   removed-ip-address

*Feb 10 15:08:16 NST: RADIUS: Received from id 1645/5 removed-ip-address:1645, Access-Reject, len 42
*Feb 10 15:08:16 NST: RADIUS:  authenticator 4D 85 12 70 89 79 43 60 - 5B 76 6B BA 80 20 92 D3
*Feb 10 15:08:16 NST: RADIUS:  Vendor, Microsoft   [26]  22
*Feb 10 15:08:16 NST: RADIUS:   MS-CHAP-ERROR      [2]   16
*Feb 10 15:08:16 NST: RADIUS:   00 45 3D 36 39 31 20 52 3D 30 20 56 3D 33  [?E=691 R=0 V=3]
*Feb 10 15:08:16 NST: RADIUS(000064C7): Received from id 1645/5
*Feb 10 15:08:16 NST: RADIUS/DECODE: Failure message in the MS-Chap-Error attribute is E=691 R=0 V=3
*Feb 10 15:08:16 NST: RADIUS/DECODE: Authentication failure


Any ideas/help would be greatly appreciated..


Thanks,
Shawn Edwards
Sr. Network Analyst
Pathix ASP
A Division of Vector Aerospace Corporation
Ph: 709-724-8564
Fax: 709-724-8545
[email protected]

From: "Mike Parsons" <[email protected]>
To: "'Lukasz Sokol'" <[email protected]>, <[email protected]>
Date: 02/11/2010 12:59 PM
Subject: Re: [vpn-help] Using VPN Trace utility




________________________________




Thanks, Lukasz--

You're referring to the open log button I assume and not the trace log?
What is the trace log button used for?

Why aren't log files showing up in the shrew soft directory under the debug
folder?

Thanks in advance.

Mike Parsons -- CISSP, IAM, IEM
Chief Technical Officer
[email protected]
cell:    336-403-9710
office:  336-306-5573

Information security architecture and consulting
Risk assessment
Compliance readiness assessment
Design and implementation services
JNCIA -- Firewalls, SSL/VPN, IDP
JNSS -- UAC, Security, Routers, DX
Ironport, Bluecoat and Tipping Point certified
Graduate Certificate in Information Security and Privacy
Security+
MCP
www.mynetwiz.com
*******************************************************
Managing information risk through the application of sound technology
If you know me, you can trust me.

Galatians 2:20

-----Original Message-----
From: Lukasz Sokol [mailto:[email protected]]
Sent: Thursday, February 11, 2010 11:22 AM
To: Mike Parsons
Subject: Re: [vpn-help] Using VPN Trace utility

Hello Mike,

On 11/02/2010 15:57, Mike Parsons wrote:
> Hello-
>
>
>
> I am trying to debug a vpn client connect issue using Shrew Soft 2.1.5 on
> windows 7 and connecting to a Juniper SSG
>
>
>
> I started the VPN trace application and then attempted to connect to the
> SSG.  No output showed up in any of the VPN trace application tabs nor did
> anything show up in the log files of the client.
>
>
>
> Any thoughts?
>

When you start Shrew Trace Utility, you need to go to File -> Options,
there select Log Output Level (I select Informational), click OK,
then in the main window click on Open Log button in each tab.
(ver 2.1.5 had it so)

Lukasz

_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help



________________________________


This e-mail may contain confidential information and the sender does not waive 
any related rights and obligations. If you are not the intended recipient 
please notify the sender and discard it.



This message contains information that may be privileged or confidential and is the 
property of the Capgemini Group. It is intended only for the person to whom it 
is addressed. If you are not the intended recipient, you are not authorized to 
read, print, retain, copy, disseminate, distribute, or use this message or any 
part thereof. If you receive this message in error, please notify the sender 
immediately and delete all copies of this message.