[Vpn-help] Shrew's VPN Client and Linksys RV042 - pls help

Jose Romeu Robazzi jrobazzi at globo.com
Sun Oct 26 15:03:52 CDT 2008 

Hello Matthew,
 
Thank you very much, it worked. 
 
Best regards.

-----Original Message-----
From: Matthew Grooms [mailto:mgrooms at shrew.net] 
Sent: Friday, October 24, 2008 1:25 PM
To: Jose Romeu Robazzi
Cc: vpn-help at lists.shrew.net
Subject: Re: [Vpn-help] Shrew's VPN Client and Linksys RV042 - pls help

Jose Romeu Robazzi wrote:
> Hello all,

Hi Jose,

> I am trying to connect to a RV042 router in a VPN Group, but the 
> connection does not seem to work.
>  
> I am using Shrew Soft VPN Access Manager v. 2.1.2. <http://2.1.2.> 
> Configuration is as follows:
> Auto Configuration: "disable"
> Local Host Address Method is: "Use an existing adapter..."
> NAT Traversal: "disable"
> IKE Fragmentation: "disable"
> Enable Dead Peer Detection: checked
> Name resolution: everything unchecked
> Authentication Method: "Mutual PSK"
> Local Identity: "User FQDN"
> Phase 1: "aggressive, group2, aes,256, md5, 28800, 0"
> Phase 2: "esp-aes,256, md5, group2, disabled, 3600, 0"
> Included lan behind the router paramenter in the "Remote Network 
> Resource" list in the policy tab.
>  
> In the router I have:
> Local Group Setup matching lan behind the router parameters Remote 
> Client Setup matching User FQDN IPSec setup matching Phase 1 and Phase 
> 2 parameters above, with Perfect Forward Secrecy checked
>  

The router says it thinks the exchange should be configured "Aggressive 
mode peer ID is ID_USER_FQDN: 'name at name.com.br'". The client says that 
there was a "!! : phase1 id type mismatch ( received ipv4-host but 
expected fqdn )".

In other words, you need to modify the client to be configured as so ...

Site Configuration
\Authentication Tab
  \Local Identity
   \Identification Type = 'User Fully Qualified Domain Name'
    UFQDN String = 'name at name.com.br'
  \Remote Identity
   \Identification Type = 'IP Address'
    Address String = Checked - Use discovered remote host address

... then it should work properly.

>  
> Please help, I must be forgetting something silly for this to work.
>  
> Thank you very much and regards,
>  

Good luck,

-Matthew

More information about the vpn-help mailing list