Kevin VPN <kvpn@...> writes: > > Hi Martin, > > Do you by any chance have DirectAccess enabled on the Win2008R2 server? > If I understand DirectAccess correctly, it allows the establishment of > IPsec tunnels from Win7 clients to Win2k8R2 servers. That would imply > there's an IPsec process or service running on the OS. > > If you have DirectAccess enabled, maybe that service/component is > intercepting the IPsec packets that should be destined for the Shrew > client? That might explain why you are able to see the packets arrive > on the OS, but that they don't make it to the Shrew process. > > On 03/07/2012 09:42 AM, Roper, Andrew wrote: > > Martin, > > > > I have seen some other discussions on these lists where other people > > have had trouble with getting Shrew to work on Win2K8R2 and on any OS > > running in a VM. The suspicion is that Win2K8R2 is not supported and > > that something in the Hypervisor might be preventing the connection > > from establishing. I, personally, have not tried Shrew Client on an > > OS in a VM so I don't have any advice there. I would check to make > > sure that there aren't any firewall rules on the hypervisor that may > > be preventing the tunnel from establishing. > > > > Regards, Andrew > > > > From: Forster Martin [mailto:Martin.Forster@...] Sent: Friday, > > March 02, 2012 10:19 AM To: Roper, Andrew Subject: RE: win2008r2 ike > > phase 1 fails, works on win7x64 sp1 > > > > HI Andrew, > > > > both machines win7 and win2008r2 are behind the same firewall. > > (Watchguard) Both machines have their sw firewalls (onboard windows) > > on. I have verified the arrival of answer packets with > > > > - a monitoring port. > > > > - A local installation of the Microsoft network monitor on the > > win2008r2 box. > > > > The empty capture files I mentioned are from the Shrew Trace > > utility. I appended them. > > > > Further Details. Both are vms on a esxi 4.1 host. The win2008r2 ist > > running with a vmxnet3, the win7 box runs with e1000 adapter. > > > > The Firewall Server is some sort of cisco, i guess a ASA. > > > > Regards Martin > > >
Hi all, sorry to dig out this old thread, but I'm running into this exact problem right now. The Win2k8r2 server (tried 2.1.7/2.2.0b2) does receive the IKE responses (verified with WireShark running on the server), its firewall is off. Also, there is no sign of anything called 'DirectAccess' on the server (or I couldn't find it). It seems the packets do not reach the iked process. Using the native client tool (FritzBox) works, as does a ShrewSoft connection from a Win7SP1x64 box to the same target (using the same configuration file as on the server). I'm not sure if this could be a 'session 0 isolation' problem (since it's win2k8r2). Any thoughts? Martin, have you been able to solve this problem? Cheers, Bjoern _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
