On 3/14/2010 11:33 AM, Nikolaj Griscenko wrote: > Hello, > > I can‘t establish an IPSec session between WinXP shrewsoft client 2.1.5 > and Cisco 2611 (12.4-1a IOS). Unable to negotiate phase 1 pre-shared key > authentication parameter. I configured Cisco to use isakmp client > configuration group „VPN“ and dynamic ipsec tunnels. Phase 1 parameters are: > > Encryption: 3des > DH Group: 2 > Hash: md5 > Authentication: pre-shared key > > Lifetime: 28800 s > ... > > I also tried configuring shrewsoft without specifying a VPN group > parameter, and it passed the phase 1 successfully, but could not pass > phase 2. Is it something wrong with Cisco or Client config? >
You will have to forgive me. Once upon a time I managed a lot of Cisco gear but these days my IOS is a bit rusty :) Maybe this document could help? http://www.fredshack.com/docs/vpnios.html You basically want to configure the router in the same manner you would for the Cisco VPN client and then use the appropriate settings on the Shrew client. However, those settings entirely depend on how the router is configured and I don't have an IOS device in my lab to provide test samples or configurations with. If you are unsure of the settings, you can start with the Cisco VPN Client and a Cisco document, then export the PCF and import it into the Shrew Soft client. Hope this helps, -Matthew _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
