On Tue, 15 Mar 2011 17:18:14 +0100 (CET) Maurizio Properzi <[email protected]> wrote:
> Problem: > > After examining the device log, root cause seems to be [see > Log-gateway.gif] a Phase 2 ID mismatch, but I haven't found where to > change it in client settings, while other VPN clients let me to do > so!!!... > Hi Maurizio, You are correct, you do have a Phase 2 mismatch. The Shrew client is attempting to tunnel all traffic from the client PC to the gateway (e.g. <0.0.0.0>-<0.0.0.0>) whereas the gateway is expecting only traffic for the local subnet (e.g. <192.168.0.0>-<255.255.255.0>). You can correct this in the Shrew config. If you're using Windows, in the Site Configuration, on the Policy tab (far right tab) do the following: 1. Uncheck "Obtain Topology Automatically or Tunnel All". 2. Click Add and use the following settings: Type: Include Address: 192.168.0.0 Netmask: 255.255.255.0 3. Click Ok then Save. If you're using Linux and editing the configuration file manually, you have to change a couple policy-list lines. From: s:policy-list-auto:1 s:policy-list-include:0.0.0.0 / 0.0.0.0 To: s:policy-list-auto:0 s:policy-list-include:192.168.0.0 / 255.255.255.0 That should hopefully do it. _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
