Hi,
On Fri, May 22, 2015 at 4:22 PM, Alexandru Duzsardi < [email protected]> wrote: > Thank you so much Alexis , you have no idea how many times I’ve looked > at the vpn (router) configuration and I did not noticed this > > until you’ve pointed me in the right direction > > > > for anybody else who might have the same problem > > this is the configuration part in cisco router > > > > crypto ipsec transform-set VPN esp-3des esp-sha-hmac > > > > and I set the Phase2 in Shrew to > > Transform Algorithm: esp-3des > > HMAC Algorithm: sha1 > > PFS Exchange: group 2 > > > > Thank you again , and hope this helps some other users who are having > trouble. > Thanks for feedback... What the configuration before ? (auto ?) > > > *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Alexis > La Goutte > *Sent:* Friday, May 22, 2015 3:02 PM > > *To:* Alexandru Duzsardi > *Cc:* [email protected] > *Subject:* Re: [vpn-help] VPN tunnel is up but can't ping internal network > > > > Hi Alexandru, > > After quick look, you received a "received peer NO-PROPOSAL-CHOSEN > notification" > > You need to check phase 2 parameter, there is a problem (setting don't > match). > > Regards, > > > > On Fri, May 22, 2015 at 1:19 PM, Alexandru Duzsardi < > [email protected]> wrote: > > Ok , these are the logs but I removed many things from them , basically > anything that looked suspicious to me > > cookie, spi, message , real ip – replaced with dots or x > > > > Thank you for taking an interest in resolving the problem. > > > > > > *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Alexis > La Goutte > *Sent:* Thursday, May 21, 2015 9:54 PM > *To:* Alexandru Duzsardi > *Cc:* [email protected] > *Subject:* Re: [vpn-help] VPN tunnel is up but can't ping internal network > > > > > > > > On Thu, May 21, 2015 at 8:27 PM, Alexandru Duzsardi < > [email protected]> wrote: > > on the router or on shrew client? > > Both > > For Shrew, the information is available here to get log > https://www.shrew.net/support/VPN_Bug_Report_Windows > > i just noticed that i only posted the IOS version not the actual harware > > the harware is an old Cisco 1760 router, not a pix/asa firewall > > > > Sent from android mobile > > > > Alexis La Goutte <[email protected]> wrote: > > > > Hi, > > Do no forget to add vpn-help list to CC. > > There is a lot of VPN concentrator but there is a menu with Logs... need > to check logs... > > Regards, > > > > On Thu, May 21, 2015 at 8:05 PM, Alexandru Duzsardi < > [email protected]> wrote: > > how do i check all of these, sorry but i'm not very familiar with cisco vpn > configurations. > > > > I always used openvpn and/or pptp in the past. Now i'm working at a company > and i "inhereted" the cisco vpn concentrator without any real documentation > just the login credentials. > > > > Sent from android mobile > > > > Alexis La Goutte <[email protected]> wrote: > > > > Hi Alexandru, > > What say the log of your Cisco VPN Gateway ? > > When the VPN tunnel is UP, on Network Tab, there is Security Associations > Established ? > > > > What Do you have configure on Policy Generation level ? > > Regards, > > > > On Thu, May 21, 2015 at 10:23 AM, Alexandru Duzsardi < > [email protected]> wrote: > > Hello, > > I’m trying to change our Cisco vpn clients with Shrew , as many of you > know that there are some issues with Cisco’s VPN client and windows 8(.1) > > I’ve already tried everything that I could find on the net but it did not > solve the issue. > > > > So back to the problem in hand , I’ve imported the vpn profile from cisco > client in shrew , it sets up the tunnel but I can’t ping any IP from the > internal network(s) at our office. > > We are using a Cisco IOS Software, C1700 Software > (C1700-ADVSECURITYK9-M), Version 12.4(6)XT2, RELEASE SOFTWARE (fc2) router > as our VPN concentrator > > I can post the relevant parts of the IPSec configuration if needed > > > > This is the client profile for now > > > > n:version:4 > > n:network-ike-port:500 > > n:network-mtu-size:1380 > > s:client-auto-mode:pull > > s:client-iface:virtual > > n:client-addr-auto:1 > > n:network-natt-port:4500 > > n:network-natt-rate:15 > > s:network-frag-mode:disable > > n:network-frag-size:540 > > n:network-dpd-enable:1 > > n:network-notify-enable:1 > > n:client-banner-enable:1 > > s:ident-server-type:any > > s:phase1-exchange:aggressive > > s:phase1-cipher:auto > > s:phase1-hash:auto > > n:phase1-dhgroup:2 > > n:phase1-life-secs:86400 > > s:phase2-transform:auto > > s:phase2-hmac:auto > > n:phase2-pfsgroup:0 > > s:ipcomp-transform:disabled > > n:client-dns-used:1 > > n:client-dns-auto:1 > > n:client-dns-suffix-auto:1 > > n:client-splitdns-used:1 > > n:client-splitdns-auto:1 > > n:client-wins-used:1 > > n:client-wins-auto:1 > > n:phase2-life-secs:3600 > > n:phase2-life-kbytes:0 > > n:policy-nailed:0 > > n:policy-list-auto:1 > > s:network-host:x.x.x.x (Public IP of the router) > > s:auth-method:mutual-psk-xauth > > s:ident-client-type:keyid > > s:ident-client-data:Work > > b:auth-mutual-psk:xxxxxxxxxxxxxxxx (Pre Shared Key) > > s:client-saved-username:imicev > > s:network-natt-mode:enable > > > > > > If needed I will post the relevant parts of the router too. > > Any help would be greatly appreciated. > > Thank you! > > > _______________________________________________ > vpn-help mailing list > [email protected] > https://lists.shrew.net/mailman/listinfo/vpn-help > > > > > > > > >
_______________________________________________ vpn-help mailing list [email protected] https://lists.shrew.net/mailman/listinfo/vpn-help
