Hi list,

I am having problems with my setup:

Local destination network: 192.168.4.0/24
Local destination hosts: 192.168.4.100
Remote destination network: 192.167.40.0/24
Remote destination hosts: 192.168.40.27
VPN peering point: xxx.xxx.xxx.xx

Then they have given me the following details:

IPSEC/ISAKMP Phase 1 Parameters:
Authentication method: pre shared secret
Diffie Hellman group: group 2
Encryption Algorithm: 3DES
Lifetime in seconds: 28800

Phase 2 parameters:
IPSEC security: ESP
Encryption algorithms: 3DES
Authentication algorithms: MD5
Lifetime in seconds: 28800
pfs: disabled

I have tried to set my Shrew settings to connect to this as best as possible, but I am not sure I have got it correct. Here is the site file:

n:version:2
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:0
n:network-frag-size:540
n:network-dpd-enable:1
n:network-notify-enable:1
n:client-banner-enable:1
n:client-dns-used:1
b:auth-mutual-psk:YjJzN2QzdDhyN2EyZDNpNG42ZzQ=
n:phase1-dhgroup:2
n:phase1-keylen:0
n:phase1-life-secs:28800
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-keylen:0
n:phase2-pfsgroup:-1
n:phase2-life-secs:28800
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:1
n:client-dns-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
s:client-dns-addr:0.0.0.0
s:client-dns-suffix:
s:network-host:xxx.xxx.xxx.xxx (I have redacted this address for security)
s:client-auto-mode:pull
s:client-iface:virtual
s:client-ip-addr:192.168.1.0
s:client-ip-mask:255.255.255.0
s:network-natt-mode:enable
s:network-frag-mode:disable
s:auth-method:mutual-psk
s:ident-client-type:address
s:ident-client-data:192.168.4.0
s:ident-server-type:address
s:ident-server-data:192.168.40.0
s:phase1-exchange:aggressive
s:phase1-cipher:3des
s:phase1-hash:md5
s:phase2-transform:3des
s:phase2-hmac:md5
s:ipcomp-transform:disabled

Here is what I get when I turn on the debug in the log:

10/12/21 14:32:51 ii : ipc client process thread begin ...
10/12/21 14:32:51 <A : peer config add message
10/12/21 14:32:51 DB : peer added ( obj count = 1 )
10/12/21 14:32:51 ii : local address 217.150.241.151 selected for peer
10/12/21 14:32:51 DB : tunnel added ( obj count = 1 )
10/12/21 14:32:51 <A : proposal config message
10/12/21 14:32:51 <A : proposal config message
10/12/21 14:32:51 <A : client config message
10/12/21 14:32:51 <A : local id '192.168.4.0' message
10/12/21 14:32:51 <A : remote id '192.168.40.0' message
10/12/21 14:32:51 <A : preshared key message
10/12/21 14:32:51 <A : peer tunnel enable message
10/12/21 14:32:51 DB : new phase1 ( ISAKMP initiator )
10/12/21 14:32:51 DB : exchange type is aggressive
10/12/21 14:32:51 DB : 217.150.241.151:500 <-> 206.106.137.228:500
10/12/21 14:32:51 DB : a05ba820fa633a8c:0000000000000000
10/12/21 14:32:51 DB : phase1 added ( obj count = 1 )
10/12/21 14:32:51 >> : security association payload
10/12/21 14:32:51 >> : - proposal #1 payload
10/12/21 14:32:51 >> : -- transform #1 payload
10/12/21 14:32:51 >> : key exchange payload
10/12/21 14:32:51 >> : nonce payload
10/12/21 14:32:51 >> : identification payload
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local supports nat-t ( draft v00 )
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local supports nat-t ( draft v01 )
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local supports nat-t ( draft v02 )
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local supports nat-t ( draft v03 )
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local supports nat-t ( rfc )
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local supports DPDv1
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local is SHREW SOFT compatible
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local is NETSCREEN compatible
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local is SIDEWINDER compatible
10/12/21 14:32:51 >> : vendor id payload
10/12/21 14:32:51 ii : local is CISCO UNITY compatible
10/12/21 14:32:51 >= : cookies a05ba820fa633a8c:0000000000000000
10/12/21 14:32:51 >= : message 00000000
10/12/21 14:32:51 -> : send IKE packet 217.150.241.151:500 -> 206.106.137.228:500 ( 484 bytes )
10/12/21 14:32:51 DB : phase1 resend event scheduled ( ref count = 2 )
10/12/21 14:32:51 ii : opened tap device tap0
10/12/21 14:33:01 -> : resend 1 phase1 packet(s) 217.150.241.151:500 -> 206.106.137.228:500
10/12/21 14:33:11 -> : resend 1 phase1 packet(s) 217.150.241.151:500 -> 206.106.137.228:500
10/12/21 14:33:21 -> : resend 1 phase1 packet(s) 217.150.241.151:500 -> 206.106.137.228:500
10/12/21 14:33:31 ii : resend limit exceeded for phase1 exchange
10/12/21 14:33:31 ii : phase1 removal before expire time
10/12/21 14:33:31 DB : phase1 deleted ( obj count = 0 )
10/12/21 14:33:31 ii : closed tap device tap0
10/12/21 14:33:31 DB : tunnel stats event canceled ( ref count = 1 )
10/12/21 14:33:31 DB : removing tunnel config references
10/12/21 14:33:31 DB : removing tunnel phase2 references
10/12/21 14:33:31 DB : removing tunnel phase1 references
10/12/21 14:33:31 DB : tunnel deleted ( obj count = 0 )
10/12/21 14:33:31 DB : removing all peer tunnel refrences
10/12/21 14:33:31 DB : peer deleted ( obj count = 0 )
10/12/21 14:33:31 ii : ipc client process thread exit ...

Please can you help me determine what is going wrong.

Many thanks

--
Rob Woolfson - CTO
mobile:+972-544904157
office:+972-3-5353751

_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
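A triage of the debug log quoted in the message above, added here as an example; it is not part of the original post and is not Shrew Soft code. It counts outbound and inbound IKE packets for the phase 1 attempt and checks whether the responder cookie ever left all-zero. Assumptions: the timestamp is yy/mm/dd, inbound packets are logged with a `<-` tag (no such line appears in the post), and the function name `triage` is hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the debug log lines quoted in the post.
SAMPLE_LOG = """\
10/12/21 14:32:51 DB : new phase1 ( ISAKMP initiator )
10/12/21 14:32:51 DB : exchange type is aggressive
10/12/21 14:32:51 DB : 217.150.241.151:500 <-> 206.106.137.228:500
10/12/21 14:32:51 >= : cookies a05ba820fa633a8c:0000000000000000
10/12/21 14:32:51 -> : send IKE packet 217.150.241.151:500 -> 206.106.137.228:500 ( 484 bytes )
10/12/21 14:33:01 -> : resend 1 phase1 packet(s) 217.150.241.151:500 -> 206.106.137.228:500
10/12/21 14:33:11 -> : resend 1 phase1 packet(s) 217.150.241.151:500 -> 206.106.137.228:500
10/12/21 14:33:21 -> : resend 1 phase1 packet(s) 217.150.241.151:500 -> 206.106.137.228:500
10/12/21 14:33:31 ii : resend limit exceeded for phase1 exchange
10/12/21 14:33:31 DB : phase1 deleted ( obj count = 0 )
"""

# "<timestamp> <tag> : <message>"; yy/mm/dd date order is an assumption.
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S+) : (.*)$")

def triage(log_text):
    """Summarise one phase 1 attempt from an iked debug log."""
    s = {"sent": 0, "resent": 0, "received": 0, "responder_cookie": None,
         "timed_out": False, "first": None, "last": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%y/%m/%d %H:%M:%S")
        s["first"] = s["first"] or ts
        s["last"] = ts
        tag, msg = m.group(2), m.group(3)
        if tag == "->" and msg.startswith("send IKE packet"):
            s["sent"] += 1
        elif tag == "->" and msg.startswith("resend"):
            s["resent"] += 1
        elif tag == "<-":                      # assumed inbound packet tag
            s["received"] += 1
        elif msg.startswith("cookies "):       # initiator:responder cookies
            s["responder_cookie"] = msg.split(":")[1].strip()
        elif "resend limit exceeded" in msg:
            s["timed_out"] = True
    s["seconds"] = int((s["last"] - s["first"]).total_seconds()) if s["first"] else 0
    # Peer never answered: nothing inbound, retries exhausted, cookie still zero.
    s["peer_silent"] = (s["received"] == 0 and s["timed_out"]
                        and set(s["responder_cookie"] or "0") == {"0"})
    return s
```

When `peer_silent` is true, the log holds no evidence that the gateway answered at all, so the next checks are reachability of UDP 500 to the peering point and the gateway's own log for the dropped first packet.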
