VPN Client Version: 2.1.7-release and 2.2.0-rc-2 Windows OS Version: 7 Gateway Make/Model: Cisco ASA Gateway OS Version: 8.3(2)
I've got a couple of ASAs that were both on 8.2(5) and working fine with ShrewSoft 2.1.7. Recently, I upgraded one of them to 8.3(2) and now the ShrewSoft client can no longer connect. I'm aware of the "unidirectional" nat exclusion issue in 8.3(2) and have already corrected it. The official Cisco client is able to connect, as is vpnc on Linux and the integrated Cisco-compatible client in Mac OS X. The same ShrewSoft clients that can't connect to the 8.3(2) ASA can still connect to the 8.2(5) ASA (the tunnel-groups are identical). There's nothing exotic about my configuration, just your standard IKEv1 with XAuth-PSK auth and NAT-T encapsulation. It's virtually identical to the Cisco ASA example on the Support page, except that the example is from a pretty old ASA version. I see two different failure modes - sometimes the ASA shows a "Failure during phase 1 rekeying attempt due to collision" error and immediately sends a DELETE to the client, at which point the connection is terminated. Other times, the client will seemingly hang after sending multiple config requests. I also gave the ShrewSoft 2.2.0-rc-2 client a try, and it behaves exactly the same. Cisco TAC was about as helpful as you might expect, so I'm hoping someone else has been through this and had better luck. I'm happy to provide sanitized logs if it will help identify the issue. Thanks! _______________________________________________ vpn-help mailing list [email protected] https://lists.shrew.net/mailman/listinfo/vpn-help
