On 2/11/2010 10:32 AM, Shawn Edwards wrote: > We are using a Cisco ISR with Easy VPN Server to connect remote users to > our network. We've been using it for quite some time with Cisco VPN > Client but obviously need a 64 bit VPN Client. I came across shrewsoft > VPN Client not too long ago, and would love if I could get this software > working as it seems too good to be true.. In any case Here's what we have: > > Cisco ISR 2821 Running IPSEC VPN , doing radius authentication to a > Windows Server 2003 Radius Server. Everything's configured properly as > we use it successfully with the Cisco VPN Client. > > I installed shrewsoft 2.1.5, and it successfully imported the existing > cisco PCF File we had. When I attempt to connect it asks me for username > and password (No Domain field like Cisco VPN Though) I enter in > credentials of a user that has permission's to connect.. Here is the > output of shrewsoft: >
I wish I had some good insight for you. There are a few ways in which Xauth can operate. The most typical is to request the raw password ( encrypted using ISAKMP ) which can be used to create a MS-CHAP hash used during your session between the gateway and your radius server. The only CHAP method defined in the Xauth documents ( where a client actually participates in the CHAP conversation ) is CHAP-MD5. However, this wouldn't be compatible with your MS-CHAP RADIUS session because you can't turn a CHAP-MD5 response into an MS-CHAP response. Have you looked at the VPN Client debug level output to see if its responding to a CHAP ( ie. CHAP-MD5 ) Xauth request? It should be pretty easy to spot. http://shrew.net/support/wiki/BugReportVpnWindows -Matthew _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
