On 02/20/2012 10:58 AM, James Cope wrote:
Hi,
We can see the packets leaving the client and hitting the firewall,
what we can't see is the client accepting the returned packets from
the firewall. I have other users using the same routers, DSL from
same provider and same machine setup. We have an old XP laptop on
site and that can connect so it looks to be something specific about
this machines config (not the VPN config as that is standard).
2012-02-20 11:57:43 info IKE 217.41.45.141 Phase 1: Retransmission
limit has been reached. 2012-02-20 11:57:35 info IKE 217.41.45.141
phase 1:The symmetric crypto key has been generated successfully.
2012-02-20 11:57:35 info IKE 217.41.45.141 Phase 1: Responder starts
AGGRESSIVE mode negotiations. 2012-02-20 11:56:54 info IKE
217.41.45.141 phase 1:The symmetric crypto key has been generated
successfully. 2012-02-20 11:56:54 info IKE 217.41.45.141 Phase 1:
Responder starts AGGRESSIVE mode negotiations.
Thanks James
________________________________ From: Roper, Andrew
[mailto:[email protected]] Sent: 20 February 2012 15:45 To:
James Cope; [email protected] Subject: RE: Shrew 2.1.7&
Windows 7 (64 bit)
James,
I would suggest getting packet captures to see what is going on. I
would gather them on the client and at the gateway. If you see the
packets leaving the client and arriving at the gateway then the
client is not at issue. Then, you will need to enable logging on both
the gateway and the corporate VPN endpoint to see if the packets are
arriving there and what the disposition is of those packets. Without
further data, it is difficult to speculate what is occurring.
-Andrew
From: [email protected]
[mailto:[email protected]] On Behalf Of James Cope
Sent: Monday, February 20, 2012 8:35 AM To: [email protected]
Subject: [vpn-help] Shrew 2.1.7& Windows 7 (64 bit)
Hi,
I have a user who has successfully been connecting up to our office
for several months without issue. He's now not been able to connect
for just under 2 weeks. He has had sporadic problems connecting
occassionally but this is a long term period of inactivity now.
Each time it comes back with Negotiation timeout occurred. We have
tried on another machine at his location and that can connect so
router/dsl/firewall are all functioning ok. We have tried both
reinstalling Shrew from scratch and performing a system restore on
the PC, neither of which have resolved. All 3rd party software has
also been disabled. in MSCONFIG as well as the AV and firewall
software.
This machine does not have a wireless adaptor in so there is no
virtual wifi miniport to remove.
Is anyone aware of any further issues at play here?
Hi James,
If you can see packets sent the client but do not see packets coming
back from the gateway, then there's something on the return path causing
issues.
One possibility may be that the gateway is dropping the packets for some
reason. Your VPN gateway/firewall may have additional ipsec debugging
that you can enable that might tell you why.
Another possibility is NAT confusions. If you have more than one client
behind a NAT router, perhaps either the gateway is rejecting due to SPI
confusions or your NAT router is sending the packets to the wrong host
(or dropping them). Have you tried testing this client with all other
clients that are behind the same router disconnected?
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
