[Vpn-help] Exclude policy disliked by Cisco concentrator?

Robert badbob at gmail.com
Wed Feb 18 09:39:13 CST 2009


I'm trying to get the Shrew VPN client working with my company's Cisco VPN
Concentrator because my company's Cisco VPN client config forces all traffic
to be tunneled, so I can't access my local network and the Internet through
my local connection.

If I have Shrew VPN configured with a Policy to 'Tunnel All' or just have an
Include statement to include my local network, then my connection is stable
and I can access the remote and local network. But of course Internet
connections are still tunneled.

If I have a policy with just exclude statements so only company networks are
tunneled, then my connection almost always breaks down. I can connect to the
concentrator just fine and obtain an IP address, but I can't access any
remote networks and the gateway disconnects me after about ten seconds.

Is this a problem with the Shrew VPN client or can the remote Cisco
concentrator sense something not right with my policy configuration and
disconnect me? Weird that just includes work but not excludes. Could I be
missing a network that I need to include in my policy?

How may I find out why I get disconnected? I ran the Trace Utility at debug
level but only see entries under [Security Policies], [Security
Associations], and [Firewall Rules].

Thanks,
Robert