[Vpn-help] Cisco Client Access Rules
Kang Sun
sun_kang at hotmail.com
Tue Dec 15 13:47:19 CST 2009
I am having problem using shrew vpn-client connecting to Csico Easy VPN with Dynamic Virtual Templates Interface (DVTI). I believe I passed both phase 1 and phase because I am assinged an IP address from the right pool and received DNS server IPs correctly (Let me know otherwise). However, the routing does not work and I could not go anywhere.
I am excited about the latest release vpn-client-2.2.0-appversion.exe but it gives me the same result.
This VPN Server work fine with cisco-client on XP Pro.
Have anybody successfully configured The Shrew vpn-client with a Cisco Easy VPN, with or without DVTI? If so, could you please share with me your Shrew Client and Cisco Server configurations? Thanks!
Could anyone please help me diagnose my problem? Thanks!
-- Kang
Here is the IP information I got after Shrew VPN Client (2.2.0-appversion) connection.
C:\>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : T60-ksun
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abinitio.com
PPP adapter Verizon Wireless - VZAccess:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 75.194.68.124
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 75.194.68.124
DNS Servers . . . . . . . . . . . : 66.174.95.44
66.174.92.14
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter {0D9070E7-BEC1-4026-A6DC-7BE8ECE53980}:
Connection-specific DNS Suffix . : abinitio.com
Description . . . . . . . . . . . : Shrew Soft Virtual Adapter - Packet
Scheduler Miniport
Physical Address. . . . . . . . . : AA-AA-AA-92-8C-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.55.30.215
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.55.30.215
DNS Servers . . . . . . . . . . . : 10.50.30.66
10.50.30.67
Primary WINS Server . . . . . . . : 10.50.30.66
Secondary WINS Server . . . . . . : 10.50.30.67
C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 cf b7 a2 61 ...... 11a/b/g Wireless LAN Mini PCI Express Adapter -Packet Scheduler Miniport
0x3 ...00 16 41 e0 01 50 ...... Intel(R) PRO/1000 PL Network Connection - Packet Scheduler Miniport
0x10005 ...7a 80 20 00 02 00 ...... PANTECH PC Card WWAN Controller - Packet Scheduler Miniport
0x20006 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x20007 ...aa aa aa 92 8c 00 ...... Shrew Soft Virtual Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.55.30.215 10.55.30.215 1
0.0.0.0 0.0.0.0 75.194.68.124 75.194.68.124 101
10.55.30.0 255.255.255.0 10.55.30.215 10.55.30.215 30
10.55.30.215 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.55.30.215 10.55.30.215 30
66.174.121.64 255.255.255.255 75.194.68.124 75.194.68.124 1
75.194.68.124 255.255.255.255 127.0.0.1 127.0.0.1 50
75.255.255.255 255.255.255.255 75.194.68.124 75.194.68.124 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
144.232.210.242 255.255.255.255 75.194.68.124 75.194.68.124 1
224.0.0.0 240.0.0.0 10.55.30.215 10.55.30.215 30
224.0.0.0 240.0.0.0 75.194.68.124 75.194.68.124 1
255.255.255.255 255.255.255.255 10.55.30.215 10.55.30.215 1
255.255.255.255 255.255.255.255 75.194.68.124 2 1
255.255.255.255 255.255.255.255 75.194.68.124 3 1
255.255.255.255 255.255.255.255 75.194.68.124 75.194.68.124 1
255.255.255.255 255.255.255.255 75.194.68.124 10005 1
Default Gateway: 10.55.30.215
===========================================================================
Persistent Routes:
None
> From: NMaio at guesswho.com
> To: mgrooms at shrew.net
> Date: Sun, 13 Dec 2009 10:22:25 -0500
> CC: vpn-help at lists.shrew.net
> Subject: Re: [Vpn-help] Cisco Client Access Rules
>
> Matthew,
> I had a few moments to test today and this worked perfectly. It now appears to mimic a Cisco client type and version.
> Thank you.
> Nick
>
> ________________________________________
> From: Matthew Grooms [mgrooms at shrew.net]
> Sent: Saturday, December 12, 2009 6:12 PM
> To: Nicholas Maio
> Cc: vpn-help at lists.shrew.net
> Subject: Re: [Vpn-help] Cisco Client Access Rules
>
> NMaio at guesswho.com wrote:
>> Great news. Thanks Matthew.
>>
>
> Hi Nick,
>
> Please give this build a try ...
>
> http://www.shrew.net/download/vpn/vpn-client-2.2.0-appversion.exe
>
> You should see two additional modecfg attributes being sent by the
> client that look something like this ...
>
> 09/12/12 17:04:09 ii : - Application Version = Cisco Systems VPN Client
> 4.8.00 (0490):WinNT
> 09/12/12 17:04:09 ii : - CISCO Firewall Type = UNKNOWN
>
> ... With any luck, this will work around your gateway negotiation issue.
> Let me know how it goes. If the situation improves I'll port the changes
> to the 2.1.6 branch.
>
> Thanks,
>
> -Matthew
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help
_________________________________________________________________
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
http://clk.atdmt.com/GBL/go/177141664/direct/01/
More information about the vpn-help
mailing list