On 07/02/2013 09:01 AM, Häcker, Tobias A. wrote:
I have the same issue. The peer is a bintec (Teldat) Router.
I have observed the following:
Client is a real hardware – no issues with Win XP or Win 7 with 2.1.x or 2.2.x
Client is virtualized on ESXi 4.x or 5.x:
* 2.1.x works with network adaptor type E1000 (XP or 7)
* 2.1.x does not work with network adaptor VMXNET2 or VMXNET3 (XP or 7).
* 2.2.0 does not work on either E1000 or VMXNET2 or VMXNET3 running Win 7 32
Bit (XP not tested).
So basically I assume there is some interference between the virtualization
layer on the network. E1000 simulates “real” hardware.
What exactly the difference is between 2.1.x and 2.2.x I don’t know actually.
Hi Tobias,
One of the big differences between 2.1.x and 2.2.x is support for more
Phase 2 algorithms. The negotiations for selecting an algorithm set
often results in a packet that is too large and has to be fragmented.
Many firewalls do not like fragmented packets and drop them, which
results in a failure of the Phase 2 negotiation in the VPN.
You can try this to see if this is your problem:
On the Phase 2 configuration tab, change the Transform Algorithm and
HMAC Algorithm from "Auto" to a specific value (based on your VPN
gateway's settings). This will make the Phase 2 packets smaller so they
do not get fragmented.
_______________________________________________
vpn-help mailing list
[email protected]
https://lists.shrew.net/mailman/listinfo/vpn-help
