Hello,

If you use ModeConfig+XAUTH, add in Shrew - IPsec Policy jj.q.25.0 / 255.255.255.0 x.y.z.0 / 255.255.255.0 - IP pool to server you want to get.
If you don't use ModeConfig+XAUTH, Shrew simply won't connect.

Regards,
Michal Wegrzyn

----- Original Message -----
From: Preston Harrison
To: [email protected]
Sent: Saturday, February 13, 2010 6:40 AM
Subject: [vpn-help] Tunnel from Shrew Soft to Netgear FVS338 formed but not working

I'm using the Shrew Soft VPN Client, Version 2.15 to form a tunnel to a Netgear FVS338. I can't connect using Remote Desktop and I get a timeout from PING.

Here is the VPN log on the FVS338 (I substituted random letters for the number in the first two octets of the IPs in the log for security purposes):

2010 Feb 12 23:15:17 [FVS338] [IKE] Remote configuration for identifier "vpn.com" found_
2010 Feb 12 23:15:17 [FVS338] [IKE] Received request for new phase 1 negotiation: sy.vw.36.137[500]<=>ab.gh.88.140[500]_
2010 Feb 12 23:15:17 [FVS338] [IKE] Beginning Aggressive mode._
2010 Feb 12 23:15:17 [FVS338] [IKE] Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt_
2010 Feb 12 23:15:17 [FVS338] [IKE] Received unknown Vendor ID_
- Last output repeated twice -
2010 Feb 12 23:15:17 [FVS338] [IKE] Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02__
2010 Feb 12 23:15:17 [FVS338] [IKE] Received unknown Vendor ID_
- Last output repeated 6 times -
2010 Feb 12 23:15:18 [FVS338] [IKE] Received Vendor ID: CISCO-UNITY_
2010 Feb 12 23:15:18 [FVS338] [IKE] For ab.gh.88.140[500], Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02_
2010 Feb 12 23:15:20 [FVS338] [IKE] Floating ports for NAT-T with peer ab.gh.88.140[4500]_
2010 Feb 12 23:15:20 [FVS338] [IKE] NAT-D payload does not match for sy.vw.36.137[4500]_
2010 Feb 12 23:15:20 [FVS338] [IKE] NAT-D payload does not match for ab.gh.88.140[4500]_
2010 Feb 12 23:15:20 [FVS338] [IKE] NAT detected: Local is behind a NAT device. and alsoPeer is behind a NAT device_
2010 Feb 12 23:15:20 [FVS338] [IKE] Sending Xauth request to ab.gh.88.140[4500]_
2010 Feb 12 23:15:20 [FVS338] [IKE] ISAKMP-SA established for sy.vw.36.137[4500]-ab.gh.88.140[4500] with spi:cbd501b988552332:978610d758636710_
2010 Feb 12 23:15:20 [FVS338] [IKE] purging spi=250579867._
2010 Feb 12 23:15:21 [FVS338] [IKE] Received attribute type "ISAKMP_CFG_REPLY" from ab.gh.88.140[4500]_
2010 Feb 12 23:15:21 [FVS338] [IKE] Login succeeded for user "Preston"_
2010 Feb 12 23:15:22 [FVS338] [IKE] Received attribute type "ISAKMP_CFG_REQUEST" from ab.gh.88.140[4500]_
2010 Feb 12 23:15:22 [FVS338] [IKE] jj.q.25.101 IP address is assigned to remote peer ab.gh.88.140[4500]_
2010 Feb 12 23:15:22 [FVS338] [IKE] Ignored attribute 5_
2010 Feb 12 23:15:22 [FVS338] [IKE] Cannot open "/etc/motd"_
2010 Feb 12 23:15:30 [FVS338] [IKE] Responding to new phase 2 negotiation: sy.vw.36.137[0]<=>ab.gh.88.140[0]_
2010 Feb 12 23:15:30 [FVS338] [IKE] Using IPsec SA configuration: rst.lmn.0.0/24<->jj.q.25.0/24_
2010 Feb 12 23:15:31 [FVS338] [IKE] Adjusting peer's encmode 61443(61443)->Tunnel(1)_
2010 Feb 12 23:15:32 [FVS338] [IKE] IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel ab.gh.88.140->sy.vw.36.137 with spi=87747332(0x53aeb04)_
2010 Feb 12 23:15:32 [FVS338] [IKE] IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel sy.vw.36.137->ab.gh.88.140 with spi=3107620073(0xb93a84e9)_

sy.vw.36.137 is the VPN host (FVS338) IP
ab.gh.88.140 is the client host (AT&T 2wire Gateway)
jj.q.25.0 is the Mode Config IP pool
rst.lmn.0.0 is the FVS338 DHCP assigned IP

Can anyone tell me why I can't use the tunnel?

------------------------------------------------------------------------------
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
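
Added example, not part of the thread and not Shrew Soft or Netgear code: a Python check that reads FVS338 log lines in the format quoted above, extracts the Mode Config address and the phase 2 selectors, and reports whether that address and a destination host fall inside them. The IP addresses are constructed (the thread's are redacted) and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample lines in the FVS338 log format quoted in the thread.
# The thread's addresses are redacted, so every IP below is made up.
SAMPLE_LOG = """\
2010 Feb 12 23:15:22 [FVS338] [IKE] 10.1.25.101 IP address is assigned to remote peer 203.0.113.140[4500]_
2010 Feb 12 23:15:30 [FVS338] [IKE] Using IPsec SA configuration: 192.168.0.0/24<->10.1.25.0/24_
"""

ASSIGNED_RE = re.compile(r"\[IKE\] (\S+) IP address is assigned to remote peer")
# The log prints the gateway-side network first, then the client-side network.
SELECTOR_RE = re.compile(r"Using IPsec SA configuration: (\S+?)<->(\S+?)_?$")


def parse_log(text):
    """Return (assigned_ip, gateway_net, client_net); None where a line is absent."""
    assigned = gateway_net = client_net = None
    for line in text.splitlines():
        m = ASSIGNED_RE.search(line)
        if m:
            assigned = ipaddress.ip_address(m.group(1))
        m = SELECTOR_RE.search(line.strip())
        if m:
            gateway_net = ipaddress.ip_network(m.group(1), strict=False)
            client_net = ipaddress.ip_network(m.group(2), strict=False)
    return assigned, gateway_net, client_net


def check_tunnel(text, destination):
    """List mismatches between the assigned address, the selectors and a destination."""
    assigned, gateway_net, client_net = parse_log(text)
    problems = []
    if assigned is None:
        problems.append("no Mode Config address assignment in log")
    if gateway_net is None:
        problems.append("no phase 2 selector line in log")
        return problems
    if assigned is not None and assigned not in client_net:
        problems.append(f"assigned {assigned} is outside client-side selector {client_net}")
    dest = ipaddress.ip_address(destination)
    if dest not in gateway_net:
        problems.append(f"destination {dest} is outside gateway-side selector {gateway_net}")
    return problems


if __name__ == "__main__":
    for host in ("192.168.0.10", "192.168.1.10"):
        print(host, check_tunnel(SAMPLE_LOG, host) or "covered by negotiated selectors")
```

An empty result only means the negotiated selectors cover the traffic; it does not rule out routing or firewall causes on either end.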
