On 04/29/2013 06:24 PM, Clevenger, Stephen wrote:

Good day,

Working with your VPN client to gain access to an E5500 SonicWall. We
are using the Shrew 2.2.0 client for Windows. The SonicWall is at
SonicOS Enhanced 5.8.1.12-65o.

After talking to tech support with SonicWall, we have set our
firewall to accept fixed Phase 1 aggressive / 3DES / SHA1 / Group1 /
28800 sets, then in policy to be accepting of all policies, and
in phase 2 fixed set policy of ESP-3DES / SHA1 / PFS auto /
Compression - disable / Key life 28800 / and no data-limits sets. We
have connectivity through phase 1 and into login for AD/LDAP
verification. Where we stop is in the IPSec Policy setup.

Attached is a copy of our SonicWall logs.

You will see how the SonicWall client connects up and works just fine
with the same users as the Shrew Client. So this is not a username /
AD issue.

Next is the log from when the user tries to connect using the Shrew
client. They get through Phase 1 and to the authentication (AD) and
then it just logs out when it should be connecting the policy part to
move on to the phase 2 connect. We see the disconnect comes from
the Shrew Client, which is strange. So it tells me there is an issue
with the policy part of the Shrew Client.

Under policy I have tried the following by myself:

Policy generation level has been through all in the list. It still
disconnects without looking into the policy setup at all that we
see. I have tried maintain persistent sec assoc. both enabled and
disabled with no success. I have to have "obtain topology" set to
enabled or it does not work at all.

Is there something I have missed on the client side that needs to be
set to make this work?


Hi Stephen,

To determine why the Shrew client is disconnecting, can you generate a debug trace for us using the instructions below? Please remember to restart the IKE Service after changing the Log Output Level:
https://www.shrew.net/support/VPN_Bug_Report_Windows

Also attaching your Shrew client site configuration would be helpful.
_______________________________________________
vpn-help mailing list
https://lists.shrew.net/mailman/listinfo/vpn-help
