Hi Kevin, you are correct, also... ...changing "Site configuration"->"Policy"->"IPSEC Policy Configuration" settings, according to your hint, fixed all.
If you (= shrew.net)like, I can contribute writing down a configuration guide for ZYXEL P-662H-D1 and P-661H-D1 (however, these devices, AFAIK, are no longer produced...) Thank you, best regards Maurizio Properzi --- On Tue, 15 Mar 2011 17:18:14 +0100 (CET) Maurizio Properzi <maurizio.properzi at univaq.it> wrote: > Problem: > > After examining the device log, root cause seems to be [see > Log-gateway.gif] a Phase 2 ID mismatch, but I haven't found where to > change it in client settings, while other VPN clients let me to do > so!!!... > Hi Maurizio, You are correct, you do have a Phase 2 mismatch. The Shrew client is attempting to tunnel all traffic from the client PC to the gateway (e.g. <0.0.0.0>-<0.0.0.0>) whereas the gateway is expecting only traffic for the local subnet (e.g. <192.168.0.0>-<255.255.255.0>). You can correct this in the Shrew config. If you're using Windows, in the Site Configuration, on the Policy tab (far right tab) do the following: 1. Uncheck "Obtain Topology Automatically or Tunnel All". 2. Click Add and use the following settings: Type: Include Address: 192.168.0.0 Netmask: 255.255.255.0 3. Click Ok then Save. If you're using Linux and editing the configuration file manually, you have to change a couple policy-list lines. From: s:policy-list-auto:1 s:policy-list-include:0.0.0.0 / 0.0.0.0 To: s:policy-list-auto:0 s:policy-list-include:192.168.0.0 / 255.255.255.0 That should hopefully do it. _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
