On 3/17/2010 7:19 AM, Stefano Lassi wrote: > Hi > I'm using, with very good success, Shrew VPN Client in order to connect > Cisco VPN gateways (IOS, ASA/PIX, VPN3000), using PSK authentication. > Now, I'm trying to connect to same Cisco VPN gateways using Ibrid (RSA + > XAuth) authentication, without success. > Main problem I got is Cisco VPN Server seem not recognizing VPN Group > (profile), normally specified using certificate OU field. > I tested few different client authentication "Identification Type" > options (ASN.1, Key Identifier, etc.) without success: Cisco gateways > report no "group association" were present from client request. > Somebody has got some hints how configure Shrew VPN Client to > correctelly propose right OU field <-> VPN profile association to Cisco > VPN Gateways (correct OU mapping is already correctelly in place on VPN > servers, because they are working fine with RSA authentication against > Cisco VPN Clients ...). > Thank you very much and see you soon > Stefano >
Stefano, For Cisco Hybrid, you should not use Mutual RSA + Xauth. Use Hybrid RSA + XAuth instead. If you need Mutual RSA + Xauth and that isn't working, can you provide log output from the client and the gateway? -Matthew _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
