Thank you so much Alexis, you have no idea how many times I've looked at the VPN (router) configuration and I did not notice this until you pointed me in the right direction.

For anybody else who might have the same problem, this is the configuration part in the Cisco router:

crypto ipsec transform-set VPN esp-3des esp-sha-hmac

and I set the Phase 2 in Shrew to:

Transform Algorithm: esp-3des
HMAC Algorithm: sha1
PFS Exchange: group 2

Thank you again, and hope this helps some other users who are having trouble.

From: [email protected] [mailto:[email protected]] On Behalf Of Alexis La Goutte
Sent: Friday, May 22, 2015 3:02 PM
To: Alexandru Duzsardi
Cc: [email protected]
Subject: Re: [vpn-help] VPN tunnel is up but can't ping internal network

Hi Alexandru,

After a quick look, you received a "received peer NO-PROPOSAL-CHOSEN notification".
You need to check the phase 2 parameters, there is a problem (settings don't match).

Regards,

On Fri, May 22, 2015 at 1:19 PM, Alexandru Duzsardi <[email protected]> wrote:

OK, these are the logs, but I removed many things from them, basically anything that looked suspicious to me: cookie, spi, message, real ip – replaced with dots or x.

Thank you for taking an interest in resolving the problem.

From: [email protected] [mailto:[email protected]] On Behalf Of Alexis La Goutte
Sent: Thursday, May 21, 2015 9:54 PM
To: Alexandru Duzsardi
Cc: [email protected]
Subject: Re: [vpn-help] VPN tunnel is up but can't ping internal network

On Thu, May 21, 2015 at 8:27 PM, Alexandru Duzsardi <[email protected]> wrote:

On the router or on the Shrew client?

Both.
For Shrew, the information on how to get the log is available here:
https://www.shrew.net/support/VPN_Bug_Report_Windows

I just noticed that I only posted the IOS version, not the actual hardware.
The hardware is an old Cisco 1760 router, not a PIX/ASA firewall.

Sent from android mobile

Alexis La Goutte <[email protected]> wrote:

Hi,

Do not forget to add the vpn-help list to CC.

There are a lot of VPN concentrators, but there is a menu with Logs...
need to check logs...

Regards,

On Thu, May 21, 2015 at 8:05 PM, Alexandru Duzsardi <[email protected]> wrote:

How do I check all of these? Sorry, but I'm not very familiar with Cisco VPN configurations. I always used OpenVPN and/or PPTP in the past.
Now I'm working at a company and I "inherited" the Cisco VPN concentrator without any real documentation, just the login credentials.

Sent from android mobile

Alexis La Goutte <[email protected]> wrote:

Hi Alexandru,

What does the log of your Cisco VPN gateway say?
When the VPN tunnel is UP, on the Network tab, are there Security Associations Established?
What do you have configured at the Policy Generation level?

Regards,

On Thu, May 21, 2015 at 10:23 AM, Alexandru Duzsardi <[email protected]> wrote:

Hello,

I'm trying to change our Cisco VPN clients with Shrew; as many of you know, there are some issues with Cisco's VPN client and Windows 8(.1).
I've already tried everything that I could find on the net, but it did not solve the issue.

So back to the problem in hand: I've imported the VPN profile from the Cisco client in Shrew, it sets up the tunnel, but I can't ping any IP from the internal network(s) at our office.
We are using a Cisco IOS Software, C1700 Software (C1700-ADVSECURITYK9-M), Version 12.4(6)XT2, RELEASE SOFTWARE (fc2) router as our VPN concentrator.
I can post the relevant parts of the IPSec configuration if needed.

This is the client profile for now:

n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
s:client-auto-mode:pull
s:client-iface:virtual
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
s:network-frag-mode:disable
n:network-frag-size:540
n:network-dpd-enable:1
n:network-notify-enable:1
n:client-banner-enable:1
s:ident-server-type:any
s:phase1-exchange:aggressive
s:phase1-cipher:auto
s:phase1-hash:auto
n:phase1-dhgroup:2
n:phase1-life-secs:86400
s:phase2-transform:auto
s:phase2-hmac:auto
n:phase2-pfsgroup:0
s:ipcomp-transform:disabled
n:client-dns-used:1
n:client-dns-auto:1
n:client-dns-suffix-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:client-wins-used:1
n:client-wins-auto:1
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:1
s:network-host:x.x.x.x (Public IP of the router)
s:auth-method:mutual-psk-xauth
s:ident-client-type:keyid
s:ident-client-data:Work
b:auth-mutual-psk:xxxxxxxxxxxxxxxx (Pre Shared Key)
s:client-saved-username:imicev
s:network-natt-mode:enable

If needed I will post the relevant parts of the router too.

Any help would be greatly appreciated.

Thank you!

_______________________________________________
vpn-help mailing list
[email protected]
https://lists.shrew.net/mailman/listinfo/vpn-help
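Added example, not part of the original thread and not Shrew's or Cisco's own tooling: a Python check of the phase 2 settings discussed above, comparing a Shrew profile against the router's transform-set line. The function names and sample profile strings are constructed for this example, and it assumes the profile file stores the same labels the Shrew GUI shows (esp-3des, sha1); the PFS group is not compared because the router's PFS setting does not appear in the thread.

```python
import re

# Cisco IOS transform names mapped to Shrew phase 2 profile keys and values.
# Assumption: the Shrew profile stores the same labels its GUI displays.
CISCO_TO_SHREW = {
    "esp-des": ("phase2-transform", "esp-des"),
    "esp-3des": ("phase2-transform", "esp-3des"),
    "esp-aes": ("phase2-transform", "esp-aes"),
    "esp-md5-hmac": ("phase2-hmac", "md5"),
    "esp-sha-hmac": ("phase2-hmac", "sha1"),
}

def parse_shrew_profile(text):
    """Parse 'type:key:value' lines (n: number, s: string, b: binary)."""
    profile = {}
    for line in text.splitlines():
        m = re.match(r"^[nsb]:([^:]+):(.*)$", line.strip())
        if m:
            profile[m.group(1)] = m.group(2)
    return profile

def parse_transform_set(line):
    """Return {shrew_key: expected_value} from an IOS transform-set line."""
    m = re.match(r"^\s*crypto ipsec transform-set\s+(\S+)\s+(.+)$", line)
    if not m:
        raise ValueError("not a transform-set line")
    expected = {}
    for token in m.group(2).split():
        if token not in CISCO_TO_SHREW:
            raise ValueError("unmapped transform: " + token)
        key, value = CISCO_TO_SHREW[token]
        expected[key] = value
    return expected

def compare_phase2(profile_text, transform_line):
    """Classify each field as 'match', 'auto' (not pinned) or 'mismatch'."""
    profile = parse_shrew_profile(profile_text)
    report = {}
    for key, want in parse_transform_set(transform_line).items():
        have = profile.get(key, "(absent)")
        status = "match" if have == want else "auto" if have == "auto" else "mismatch"
        report[key] = (status, have, want)
    return report

# Constructed inputs based on the router line and phase 2 values in the thread.
ROUTER_LINE = "crypto ipsec transform-set VPN esp-3des esp-sha-hmac"
ORIGINAL = "n:version:4\ns:phase2-transform:auto\ns:phase2-hmac:auto\nn:phase2-pfsgroup:0"
PINNED = "s:phase2-transform:esp-3des\ns:phase2-hmac:sha1\nn:phase2-pfsgroup:2"
if __name__ == "__main__":
    print(compare_phase2(ORIGINAL, ROUTER_LINE), compare_phase2(PINNED, ROUTER_LINE))
```
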
