On 02/02/2012 09:17 AM, Matthias Paust wrote:
> Problem:
>
> The VPN client is connected to my gateway (tunnel enabled) but no
> access to the remote network is possible. We are using FortiGate 80c
> (fw v4.0,build0511,120110 (MR3 Patch 4)) and ShrewSoft VPN Client
> 2.1.7 for Windows.
>
> The problems occurred after updating the firewall to the new version.
> With fw version v4.0,build0328,110718 (MR2 Patch 8) there was no
> problem.
>
> Attached debug logs.


Hi Matthias,

In general, everything looks good. Phase1 & Phase2 negotiations and
DHCP over IPSec configuration complete:

12/02/02 12:06:36 ii : phase1 sa established
12/02/02 12:06:36 ii : phase2 sa established
12/02/02 12:06:40 ii : reading DHCP reply options
12/02/02 12:06:40 ii : - message type = ack ( 192.168.123.53 )

From the looks of the policies, the VPN clients get an IP in the 192.168.0.0/16 private range and your internal network is in the 10.0.0.0/8 range. This means there is no overlap between the VPN clients and private hosts, which is good.

However, this is received about 1.5 minutes after the connection is established, then Shrew tears the connection down.

12/02/02 12:08:25 !! : message type is invalid ( 0 )

I would look at the FortiGate logs to see if it decided to kill the connection for some reason.
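
A small triage helper for the log excerpt quoted in the reply above, added here as an illustration and not part of the original message or of the Shrew Soft client: it finds the first `!!` line after the tunnel comes up and measures how long the tunnel lasted, which gives a timestamp window to search in the gateway logs. The `yy/mm/dd` date order and the function names are assumptions.

```python
import re
from datetime import datetime

# Log lines quoted in the message above, embedded so the example runs offline.
SAMPLE_LOG = """\
12/02/02 12:06:36 ii : phase1 sa established
12/02/02 12:06:36 ii : phase2 sa established
12/02/02 12:06:40 ii : reading DHCP reply options
12/02/02 12:06:40 ii : - message type = ack ( 192.168.123.53 )
12/02/02 12:08:25 !! : message type is invalid ( 0 )
"""

# timestamp, two-character severity marker ("ii" info, "!!" error), message
LINE_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")


def parse(text):
    """Yield (timestamp, marker, message) for well-formed lines; skip the rest."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            # Assumption: the date field is yy/mm/dd.
            ts = datetime.strptime(m.group(1), "%y/%m/%d %H:%M:%S")
            yield ts, m.group(2), m.group(3)


def first_error_after_phase2(text):
    """Return (seconds_since_phase2, message) for the first '!!' line that
    follows a 'phase2 sa established' line, or None if the tunnel never came
    up or no error followed it."""
    established = None
    for ts, marker, msg in parse(text):
        if marker == "ii" and msg == "phase2 sa established":
            established = ts  # a renegotiation restarts the clock
        elif marker == "!!" and established is not None:
            return (ts - established).total_seconds(), msg
    return None


if __name__ == "__main__":
    hit = first_error_after_phase2(SAMPLE_LOG)
    if hit:
        print(f"first error {hit[0]:.0f} s after phase2: {hit[1]}")
```
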
