On 02/02/2012 08:39 AM, Daniele@Gmail wrote:
Hi Kevin,
I resolved my problem by these steps:
* uninstall VPN client (last installed: version 2.2.0)
* drop all connection files
* reinstall VPN client (2.1.7)
* import my VPN configuration from Cisco pcf file
Now the VPN works.
Thank you.
Daniele
On 27/01/2012 04:47, Kevin VPN wrote:
On 01/26/2012 08:38 AM, Daniele Comand wrote:
Phase 1 appears to connect and I get the 'Tunnel enabled' message, however, I cannot ping or access any remote IP addresses.
I tried both the client versions 2.1.7 and 2.2.0, with almost identical results.
From another Windows XP machine with a Cisco client I can connect.
In the IKED.log debug file I find this message:
"12/01/25 20:07:08!: Peer violates RFC number transform mismatch (1! = 14)"
Can you help me get the VPN working?
VPN Client Version = 2.1.7 and 2.2.0
Windows OS Version = Windows 7 64-bit
Gateway Make/Model = CISCO PIX
Gateway OS Version = unknown
Hi Daniele,
The problem is that the Phase2 negotiation is failing. According to
the iked.log you provided, Phase1, XAuth and client configuration
succeed, but Phase2 fails.
You'll need to contact the VPN gateway administrator to find out why
Phase2 is failing. It is probably because some of the settings in the
Shrew client do not match what the Cisco requires.
iked.log:
12/01/25 20:07:08 ii : phase1 sa established
...
12/01/25 20:07:08 ii : received basic xauth request -
12/01/25 20:07:08 ii : - standard xauth username
12/01/25 20:07:08 ii : - standard xauth password
12/01/25 20:07:08 ii : sending xauth response for comand
12/01/25 20:07:08 ii : received xauth result -
12/01/25 20:07:08 ii : user comand authentication succeeded
...
12/01/25 20:07:08 ii : sending config pull request
12/01/25 20:07:08 ii : processing config packet ( 76 bytes )
12/01/25 20:07:08 DB : config found
12/01/25 20:07:08 ii : received config pull response
12/01/25 20:07:08 ii : - IP4 Address = 192.168.61.6
...
12/01/25 20:07:24 -> : resend 1 phase2 packet(s) [2/2]
10.168.89.206:500 -> ??.???.???.?:500
12/01/25 20:07:27 -> : resend 1 phase2 packet(s) [2/2]
10.168.89.206:500 -> ??.???.???.?:500
12/01/25 20:07:29 ii : resend limit exceeded for phase2 exchange
12/01/25 20:07:29 ii : phase2 removal before expire time
12/01/25 20:07:29 DB : phase2 deleted ( obj count = 1 )
Great Daniele, thanks for reporting back!
I've copied the list so that others who are having problems with
PCF-related configurations can see what you did.
By "dropped all connection files" I assume you mean that you went into
the "Documents/Shrew Soft VPN/sites" directory and deleted the
configuration files that were in there. Doing that would prevent Shrew
from automatically importing them when you installed the client again,
which would allow you to import the PCF file again.
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
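
The stage-by-stage reading of iked.log in Kevin's reply (Phase 1, XAuth and client configuration succeed, Phase 2 runs out of resends) can be done mechanically. This is an added example, not part of the original thread or Shrew Soft's code; the marker strings come from the log excerpt above, while the function name `triage_iked_log`, the stage labels and the verdict wording are assumptions made for illustration.

```python
import re

# Marker strings copied from the iked.log excerpt quoted in the thread.
# Stage labels and function names are assumptions made for this example.
STAGES = [
    ("phase1", "phase1 sa established"),
    ("xauth", "authentication succeeded"),
    ("config", "received config pull response"),
]
RESEND = re.compile(r"resend \d+ phase2 packet")
TIMEOUT = "resend limit exceeded for phase2 exchange"
ADDRESS = re.compile(r"IP4 Address = (\S+)")

# Abridged copy of the log lines shown in the thread.
SAMPLE_LOG = """\
12/01/25 20:07:08 ii : phase1 sa established
12/01/25 20:07:08 ii : user comand authentication succeeded
12/01/25 20:07:08 ii : received config pull response
12/01/25 20:07:08 ii : - IP4 Address = 192.168.61.6
12/01/25 20:07:24 -> : resend 1 phase2 packet(s) [2/2]
12/01/25 20:07:27 -> : resend 1 phase2 packet(s) [2/2]
12/01/25 20:07:29 ii : resend limit exceeded for phase2 exchange
"""

def triage_iked_log(text):
    """Report how far the negotiation got and where it stopped."""
    r = {"completed": [], "assigned_ip": None,
         "phase2_resends": 0, "phase2_timed_out": False}
    for line in text.splitlines():
        for stage, marker in STAGES:
            if marker in line and stage not in r["completed"]:
                r["completed"].append(stage)
        m = ADDRESS.search(line)
        if m:
            r["assigned_ip"] = m.group(1)
        if RESEND.search(line):
            r["phase2_resends"] += 1
        if TIMEOUT in line:
            r["phase2_timed_out"] = True
    missing = [s for s, _ in STAGES if s not in r["completed"]]
    if missing:
        r["verdict"] = "negotiation stopped before " + missing[0]
    elif r["phase2_timed_out"]:
        r["verdict"] = ("phase2 unanswered after %d resends: compare "
                        "phase2 settings with the gateway" % r["phase2_resends"])
    else:
        r["verdict"] = "no phase2 failure recorded in this log"
    return r

if __name__ == "__main__":
    print(triage_iked_log(SAMPLE_LOG))
```
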